REST Resource: projects.locations.features

Resource: Feature

Feature represents the settings and status of any Hub Feature.

JSON representation
{
  "name": string,
  "labels": {
    string: string,
    ...
  },
  "resourceState": {
    object (FeatureResourceState)
  },
  "spec": {
    object (CommonFeatureSpec)
  },
  "membershipSpecs": {
    string: {
      object (MembershipFeatureSpec)
    },
    ...
  },
  "state": {
    object (CommonFeatureState)
  },
  "membershipStates": {
    string: {
      object (MembershipFeatureState)
    },
    ...
  },
  "createTime": string,
  "updateTime": string,
  "deleteTime": string
}
Fields
name

string

Output only. The full, unique name of this Feature resource in the format projects/*/locations/*/features/*.

labels

map (key: string, value: string)

GCP labels for this Feature.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

resourceState

object (FeatureResourceState)

Output only. State of the Feature resource itself.

spec

object (CommonFeatureSpec)

Optional. Hub-wide Feature configuration. If this Feature does not support any Hub-wide configuration, this field may be unused.

membershipSpecs

map (key: string, value: object (MembershipFeatureSpec))

Optional. Membership-specific configuration for this Feature. If this Feature does not support any per-Membership configuration, this field may be unused.

The keys indicate which Membership the configuration is for, in the form:

projects/{p}/locations/{l}/memberships/{m}

Where {p} is the project, {l} is a valid location and {m} is a valid Membership in this project at that location. {p} WILL match the Feature's project.

{p} will always be returned as the project number, but the project ID is also accepted during input. If the same Membership is specified in the map twice (using the project ID form, and the project number form), exactly ONE of the entries will be saved, with no guarantees as to which. For this reason, it is recommended the same format be used for all entries when mutating a Feature.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

state

object (CommonFeatureState)

Output only. The Hub-wide Feature state.

membershipStates

map (key: string, value: object (MembershipFeatureState))

Output only. Membership-specific Feature status. If this Feature does report any per-Membership status, this field may be unused.

The keys indicate which Membership the state is for, in the form:

projects/{p}/locations/{l}/memberships/{m}

Where {p} is the project number, {l} is a valid location and {m} is a valid Membership in this project at that location. {p} MUST match the Feature's project number.

An object containing a list of "key": value pairs. Example: { "name": "wrench", "mass": "1.3kg", "count": "3" }.

createTime

string (Timestamp format)

Output only. When the Feature resource was created.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

updateTime

string (Timestamp format)

Output only. When the Feature resource was last updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

deleteTime

string (Timestamp format)

Output only. When the Feature resource was deleted.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

FeatureResourceState

FeatureResourceState describes the state of a Feature resource in the GkeHub API. See FeatureState for the "running state" of the Feature in the Hub and across Memberships.

JSON representation
{
  "state": enum (FeatureResourceState.State)
}
Fields
state

enum (FeatureResourceState.State)

The current state of the Feature resource in the Hub API.

FeatureResourceState.State

State describes the lifecycle status of a Feature.

Enums
STATE_UNSPECIFIED State is unknown or not set.
ENABLING The Feature is being enabled, and the Feature resource is being created. Once complete, the corresponding Feature will be enabled in this Hub.
ACTIVE The Feature is enabled in this Hub, and the Feature resource is fully available.
DISABLING The Feature is being disabled in this Hub, and the Feature resource is being deleted.
UPDATING The Feature resource is being updated.
SERVICE_UPDATING The Feature resource is being updated by the Hub Service.

CommonFeatureSpec

CommonFeatureSpec contains Hub-wide configuration information

JSON representation
{
  "multiclusteringress": {
    object (FeatureSpec)
  }
}
Fields
multiclusteringress

object (FeatureSpec)

Multicluster Ingress-specific spec.

FeatureSpec

Multi-cluster Ingress: The configuration for the MultiClusterIngress feature.

JSON representation
{
  "configMembership": string,
  "billing": enum (Billing)
}
Fields
configMembership

string

Fully-qualified Membership name which hosts the MultiClusterIngress CRD. Example: projects/foo-proj/locations/global/memberships/bar

billing

enum (Billing)

Customer's billing structure

Billing

Billing identifies which billing structure the customer is using.

Enums
BILLING_UNSPECIFIED Unknown
PAY_AS_YOU_GO User pays a fee per-endpoint.
ANTHOS_LICENSE User is paying for Anthos as a whole.

MembershipFeatureSpec

MembershipFeatureSpec contains configuration information for a single Membership.

JSON representation
{
  "configmanagement": {
    object (MembershipSpec)
  }
}
Fields
configmanagement

object (MembershipSpec)

Config Management-specific spec.

MembershipSpec

Anthos Config Management: Configuration for a single cluster. Intended to parallel the ConfigManagement CR.

JSON representation
{
  "configSync": {
    object (ConfigSync)
  },
  "policyController": {
    object (PolicyController)
  },
  "binauthz": {
    object (BinauthzConfig)
  },
  "hierarchyController": {
    object (HierarchyControllerConfig)
  },
  "version": string
}
Fields
configSync

object (ConfigSync)

Config Sync configuration for the cluster.

policyController

object (PolicyController)

Policy Controller configuration for the cluster.

binauthz

object (BinauthzConfig)

Binauthz conifguration for the cluster.

hierarchyController

object (HierarchyControllerConfig)

Hierarchy Controller configuration for the cluster.

version

string

Version of ACM installed.

ConfigSync

Configuration for Config Sync

JSON representation
{
  "git": {
    object (GitConfig)
  },
  "sourceFormat": string
}
Fields
git

object (GitConfig)

Git repo configuration for the cluster.

sourceFormat

string

Specifies whether the Config Sync Repo is in “hierarchical” or “unstructured” mode.

GitConfig

Git repo configuration for a single cluster.

JSON representation
{
  "syncRepo": string,
  "syncBranch": string,
  "policyDir": string,
  "syncWaitSecs": string,
  "syncRev": string,
  "secretType": string,
  "httpsProxy": string,
  "gcpServiceAccountEmail": string
}
Fields
syncRepo

string

The URL of the Git repository to use as the source of truth.

syncBranch

string

The branch of the repository to sync from. Default: master.

policyDir

string

The path within the Git repository that represents the top level of the repo to sync. Default: the root directory of the repository.

syncWaitSecs

string (int64 format)

Period in seconds between consecutive syncs. Default: 15.

syncRev

string

Git revision (tag or hash) to check out. Default HEAD.

secretType

string

Type of secret configured for access to the Git repo.

httpsProxy

string

URL for the HTTPS proxy to be used when communicating with the Git repo.

gcpServiceAccountEmail

string

The GCP Service Account Email used for auth when secretType is gcpServiceAccount.

PolicyController

Configuration for Policy Controller

JSON representation
{
  "enabled": boolean,
  "exemptableNamespaces": [
    string
  ],
  "referentialRulesEnabled": boolean,
  "logDeniesEnabled": boolean,
  "templateLibraryInstalled": boolean,
  "auditIntervalSeconds": string
}
Fields
enabled

boolean

Enables the installation of Policy Controller. If false, the rest of PolicyController fields take no effect.

exemptableNamespaces[]

string

The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster.

referentialRulesEnabled

boolean

Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.

logDeniesEnabled

boolean

Logs all denies and dry run failures.

templateLibraryInstalled

boolean

Installs the default template library along with Policy Controller.

auditIntervalSeconds

string (int64 format)

Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether.

BinauthzConfig

Configuration for Binauthz

JSON representation
{
  "enabled": boolean
}
Fields
enabled

boolean

Whether binauthz is enabled in this cluster.

HierarchyControllerConfig

Configuration for Hierarchy Controller

JSON representation
{
  "enabled": boolean,
  "enablePodTreeLabels": boolean,
  "enableHierarchicalResourceQuota": boolean
}
Fields
enabled

boolean

Whether Hierarchy Controller is enabled in this cluster.

enablePodTreeLabels

boolean

Whether pod tree labels are enabled in this cluster.

enableHierarchicalResourceQuota

boolean

Whether hierarchical resource quota is enabled in this cluster.

CommonFeatureState

CommonFeatureState contains Hub-wide Feature status information.

JSON representation
{
  "state": {
    object (FeatureState)
  }
}
Fields
state

object (FeatureState)

Output only. The "running state" of the Feature in this Hub.

FeatureState

FeatureState describes the high-level state of a Feature. It may be used to describe a Feature's state at the environ-level, or per-membershop, depending on the context.

JSON representation
{
  "code": enum (FeatureState.Code),
  "description": string,
  "updateTime": string
}
Fields
code

enum (FeatureState.Code)

The high-level, machine-readable status of this Feature.

description

string

A human-readable description of the current status.

updateTime

string (Timestamp format)

The time this status and any related Feature-specific details were updated.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

FeatureState.Code

Code represents a machine-readable, high-level status of the Feature.

Enums
CODE_UNSPECIFIED Unknown or not set.
OK The Feature is operating normally.
WARNING The Feature has encountered an issue, and is operating in a degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.
ERROR The Feature is not operating or is in a severely degraded state. The Feature may need intervention to return to normal operation. See the description and any associated Feature-specific details for more information.

MembershipFeatureState

MembershipFeatureState contains Feature status information for a single Membership.

JSON representation
{
  "state": {
    object (FeatureState)
  },

  // Union field feature_state can be only one of the following:
  "metering": {
    object (MembershipState)
  },
  "configmanagement": {
    object (MembershipState)
  }
  // End of list of possible types for union field feature_state.
}
Fields
state

object (FeatureState)

The high-level state of this Feature for a single membership.

Union field feature_state.

feature_state can be only one of the following:

metering

object (MembershipState)

Metering-specific spec.

configmanagement

object (MembershipState)

Config Management-specific state.

MembershipState

Metering: Per-Membership Feature State.

JSON representation
{
  "lastMeasurementTime": string,
  "preciseLastMeasuredClusterVcpuCapacity": number
}
Fields
lastMeasurementTime

string (Timestamp format)

The time stamp of the most recent measurement of the number of vCPUs in the cluster.

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

preciseLastMeasuredClusterVcpuCapacity

number

The vCPUs capacity in the cluster according to the most recent measurement (1/1000 precision).

MembershipState

Anthos Config Management: State for a single cluster.

JSON representation
{
  "clusterName": string,
  "membershipSpec": {
    object (MembershipSpec)
  },
  "operatorState": {
    object (OperatorState)
  },
  "configSyncState": {
    object (ConfigSyncState)
  },
  "policyControllerState": {
    object (PolicyControllerState)
  },
  "binauthzState": {
    object (BinauthzState)
  },
  "hierarchyControllerState": {
    object (HierarchyControllerState)
  }
}
Fields
clusterName

string

The user-defined name for the cluster used by ClusterSelectors to group clusters together. This should match Membership's membership_name, unless the user installed ACM on the cluster manually prior to enabling the ACM hub feature. Unique within a Anthos Config Management installation.

membershipSpec

object (MembershipSpec)

Membership configuration in the cluster. This represents the actual state in the cluster, while the MembershipSpec in the FeatureSpec represents the intended state

operatorState

object (OperatorState)

Current install status of ACM's Operator

configSyncState

object (ConfigSyncState)

Current sync status

policyControllerState

object (PolicyControllerState)

PolicyController status

binauthzState

object (BinauthzState)

Binauthz status

hierarchyControllerState

object (HierarchyControllerState)

Hierarchy Controller status

OperatorState

State information for an ACM's Operator

JSON representation
{
  "version": string,
  "deploymentState": enum (DeploymentState),
  "errors": [
    {
      object (InstallError)
    }
  ]
}
Fields
version

string

The semenatic version number of the operator

deploymentState

enum (DeploymentState)

The state of the Operator's deployment

errors[]

object (InstallError)

Install errors.

DeploymentState

Enum representing the state of an ACM's deployment on a cluster

Enums
DEPLOYMENT_STATE_UNSPECIFIED Deployment's state cannot be determined
NOT_INSTALLED Deployment is not installed
INSTALLED Deployment is installed
ERROR Deployment was attempted to be installed, but has errors

InstallError

Errors pertaining to the installation of ACM

JSON representation
{
  "errorMessage": string
}
Fields
errorMessage

string

A string representing the user facing error message

ConfigSyncState

State information for ConfigSync

JSON representation
{
  "version": {
    object (ConfigSyncVersion)
  },
  "deploymentState": {
    object (ConfigSyncDeploymentState)
  },
  "syncState": {
    object (SyncState)
  }
}
Fields
version

object (ConfigSyncVersion)

The version of ConfigSync deployed

deploymentState

object (ConfigSyncDeploymentState)

Information about the deployment of ConfigSync, including the version of the various Pods deployed

syncState

object (SyncState)

The state of ConfigSync's process to sync configs to a cluster

ConfigSyncVersion

Specific versioning information pertaining to ConfigSync's Pods

JSON representation
{
  "importer": string,
  "syncer": string,
  "gitSync": string,
  "monitor": string,
  "reconcilerManager": string,
  "rootReconciler": string
}
Fields
importer

string

Version of the deployed importer pod

syncer

string

Version of the deployed syncer pod

gitSync

string

Version of the deployed git-sync pod

monitor

string

Version of the deployed monitor pod

reconcilerManager

string

Version of the deployed reconciler-manager pod

rootReconciler

string

Version of the deployed reconciler container in root-reconciler pod

ConfigSyncDeploymentState

The state of ConfigSync's deployment on a cluster

JSON representation
{
  "importer": enum (DeploymentState),
  "syncer": enum (DeploymentState),
  "gitSync": enum (DeploymentState),
  "monitor": enum (DeploymentState),
  "reconcilerManager": enum (DeploymentState),
  "rootReconciler": enum (DeploymentState)
}
Fields
importer

enum (DeploymentState)

Deployment state of the importer pod

syncer

enum (DeploymentState)

Deployment state of the syncer pod

gitSync

enum (DeploymentState)

Deployment state of the git-sync pod

monitor

enum (DeploymentState)

Deployment state of the monitor pod

reconcilerManager

enum (DeploymentState)

Deployment state of reconciler-manager pod

rootReconciler

enum (DeploymentState)

Deployment state of root-reconciler

SyncState

State indicating an ACM's progress syncing configurations to a cluster

JSON representation
{
  "sourceToken": string,
  "importToken": string,
  "syncToken": string,
  "lastSync": string,
  "lastSyncTime": string,
  "code": enum (SyncState.SyncCode),
  "errors": [
    {
      object (SyncError)
    }
  ]
}
Fields
sourceToken

string

Token indicating the state of the repo.

importToken

string

Token indicating the state of the importer.

syncToken

string

Token indicating the state of the syncer.

lastSync
(deprecated)

string

Deprecated: use lastSyncTime instead. Timestamp of when ACM last successfully synced the repo The time format is specified in https://golang.org/pkg/time/#Time.String

lastSyncTime

string (Timestamp format)

Timestamp type of when ACM last successfully synced the repo

A timestamp in RFC3339 UTC "Zulu" format, with nanosecond resolution and up to nine fractional digits. Examples: "2014-10-02T15:01:23Z" and "2014-10-02T15:01:23.045123456Z".

code

enum (SyncState.SyncCode)

Sync status code

errors[]

object (SyncError)

A list of errors resulting from problematic configs. This list will be truncated after 100 errors, although it is unlikely for that many errors to simultaneously exist.

SyncState.SyncCode

An enum representing an ACM's status syncing configs to a cluster

Enums
SYNC_CODE_UNSPECIFIED ACM cannot determine a sync code
SYNCED ACM successfully synced the git Repo with the cluster
PENDING ACM is in the progress of syncing a new change
ERROR Indicates an error configuring ACM, and user action is required
NOT_CONFIGURED ACM has been installed (operator manifest deployed), but not configured.
NOT_INSTALLED ACM has not been installed (no operator pod found)
UNAUTHORIZED Error authorizing with the cluster
UNREACHABLE Cluster could not be reached

SyncError

An ACM created error representing a problem syncing configurations

JSON representation
{
  "code": string,
  "errorMessage": string,
  "errorResources": [
    {
      object (ErrorResource)
    }
  ]
}
Fields
code

string

An ACM defined error code

errorMessage

string

A description of the error

errorResources[]

object (ErrorResource)

A list of config(s) associated with the error, if any

ErrorResource

Model for a config file in the git repo with an associated Sync error

JSON representation
{
  "sourcePath": string,
  "resourceName": string,
  "resourceNamespace": string,
  "resourceGvk": {
    object (GroupVersionKind)
  }
}
Fields
sourcePath

string

Path in the git repo of the erroneous config

resourceName

string

Metadata name of the resource that is causing an error

resourceNamespace

string

Namespace of the resource that is causing an error

resourceGvk

object (GroupVersionKind)

Group/version/kind of the resource that is causing an error

GroupVersionKind

A Kubernetes object's GVK

JSON representation
{
  "group": string,
  "version": string,
  "kind": string
}
Fields
group

string

Kubernetes Group

version

string

Kubernetes Version

kind

string

Kubernetes Kind

PolicyControllerState

State for PolicyControllerState.

JSON representation
{
  "version": {
    object (PolicyControllerVersion)
  },
  "deploymentState": {
    object (GatekeeperDeploymentState)
  }
}
Fields
version

object (PolicyControllerVersion)

The version of Gatekeeper Policy Controller deployed.

deploymentState

object (GatekeeperDeploymentState)

The state about the policy controller installation.

PolicyControllerVersion

The build version of Gatekeeper Policy Controller is using.

JSON representation
{
  "version": string
}
Fields
version

string

The gatekeeper image tag that is composed of ACM version, git tag, build number.

GatekeeperDeploymentState

State of Policy Controller installation.

JSON representation
{
  "gatekeeperControllerManagerState": enum (DeploymentState),
  "gatekeeperAudit": enum (DeploymentState)
}
Fields
gatekeeperControllerManagerState

enum (DeploymentState)

Status of gatekeeper-controller-manager pod.

gatekeeperAudit

enum (DeploymentState)

Status of gatekeeper-audit deployment.

BinauthzState

State for Binauthz

JSON representation
{
  "webhook": enum (DeploymentState),
  "version": {
    object (BinauthzVersion)
  }
}
Fields
webhook

enum (DeploymentState)

The state of the binauthz webhook.

version

object (BinauthzVersion)

The version of binauthz that is installed.

BinauthzVersion

The version of binauthz.

JSON representation
{
  "webhookVersion": string
}
Fields
webhookVersion

string

The version of the binauthz webhook.

HierarchyControllerState

State for Hierarchy Controller

JSON representation
{
  "version": {
    object (HierarchyControllerVersion)
  },
  "state": {
    object (HierarchyControllerDeploymentState)
  }
}
Fields
version

object (HierarchyControllerVersion)

The version for Hierarchy Controller

state

object (HierarchyControllerDeploymentState)

The deployment state for Hierarchy Controller

HierarchyControllerVersion

Version for Hierarchy Controller

JSON representation
{
  "hnc": string,
  "extension": string
}
Fields
hnc

string

Version for open source HNC

extension

string

Version for Hierarchy Controller extension

HierarchyControllerDeploymentState

Deployment state for Hierarchy Controller

JSON representation
{
  "hnc": enum (DeploymentState),
  "extension": enum (DeploymentState)
}
Fields
hnc

enum (DeploymentState)

The deployment state for open source HNC (e.g. v0.7.0-hc.0)

extension

enum (DeploymentState)

The deployment state for Hierarchy Controller extension (e.g. v0.7.0-hc.1)

Methods

create

Adds a new Feature.

delete

Removes a Feature.

get

Gets details of a single Feature.

getIamPolicy

Gets the access control policy for a resource.

list

Lists Features in a given project and location.

patch

Updates an existing Feature.

setIamPolicy

Sets the access control policy on the specified resource.

testIamPermissions

Returns permissions that a caller has on the specified resource.