Types overview

GoogleCloudRunV2BinaryAuthorization

Settings for Binary Authorization feature.

Fields

Fields
`breakglassJustification`	`string` If present, indicates to use Breakglass using this justification. If use_default is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass
`useDefault`	`boolean` If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.

breakglassJustification

string

If present, indicates to use Breakglass using this justification. If use_default is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass

useDefault

boolean

If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled.

GoogleCloudRunV2CancelExecutionRequest

Request message for deleting an Execution.

Fields

Fields
`etag`	`string` A system-generated fingerprint for this version of the resource. This may be used to detect modification conflict during updates.
`validateOnly`	`boolean` Indicates that the request should be validated without actually cancelling any resources.

etag

string

A system-generated fingerprint for this version of the resource. This may be used to detect modification conflict during updates.

validateOnly

boolean

Indicates that the request should be validated without actually cancelling any resources.

GoogleCloudRunV2CloudSqlInstance

Represents a set of Cloud SQL instances. Each one will be available under /cloudsql/[instance]. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.

Fields

Fields
`instances[]`	`string` The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}

instances[]

string

The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance}

GoogleCloudRunV2Condition

Defines a status condition for a resource.

Fields
`executionReason`	`enum` A reason for the execution condition.
Enum type. Can be one of the following:
`EXECUTION_REASON_UNDEFINED`	Default value.
`JOB_STATUS_SERVICE_POLLING_ERROR`	Internal system error getting execution status. System will retry.
`NON_ZERO_EXIT_CODE`	A task reached its retry limit and the last attempt failed due to the user container exiting with a non-zero exit code.
`CANCELLED`	The execution was cancelled by users.
`CANCELLING`	The execution is in the process of being cancelled.
`DELETED`	The execution was deleted.

`lastTransitionTime`	`string (Timestamp format)` Last time the condition transitioned from one status to another.
`message`	`string` Human readable message indicating details about the current status.
`reason`	`enum` A common (service-level) reason for this condition.
Enum type. Can be one of the following:
`COMMON_REASON_UNDEFINED`	Default value.
`UNKNOWN`	Reason unknown. Further details will be in message.
`REVISION_FAILED`	Revision creation process failed.
`PROGRESS_DEADLINE_EXCEEDED`	Timed out waiting for completion.
`CONTAINER_MISSING`	The container image path is incorrect.
`CONTAINER_PERMISSION_DENIED`	Insufficient permissions on the container image.
`CONTAINER_IMAGE_UNAUTHORIZED`	Container image is not authorized by policy.
`CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED`	Container image policy authorization check failed.
`ENCRYPTION_KEY_PERMISSION_DENIED`	Insufficient permissions on encryption key.
`ENCRYPTION_KEY_CHECK_FAILED`	Permission check on encryption key failed.
`SECRETS_ACCESS_CHECK_FAILED`	At least one Access check on secrets failed.
`WAITING_FOR_OPERATION`	Waiting for operation to complete.
`IMMEDIATE_RETRY`	System will retry immediately.
`POSTPONED_RETRY`	System will retry later; current attempt failed.
`INTERNAL`	An internal error occurred. Further information may be in the message.

`revisionReason`	`enum` A reason for the revision condition.
Enum type. Can be one of the following:
`REVISION_REASON_UNDEFINED`	Default value.
`PENDING`	Revision in Pending state.
`RESERVE`	Revision is in Reserve state.
`RETIRED`	Revision is Retired.
`RETIRING`	Revision is being retired.
`RECREATING`	Revision is being recreated.
`HEALTH_CHECK_CONTAINER_ERROR`	There was a health check error.
`CUSTOMIZED_PATH_RESPONSE_PENDING`	Health check failed due to user error from customized path of the container. System will retry.
`MIN_INSTANCES_NOT_PROVISIONED`	A revision with min_instance_count > 0 was created and is reserved, but it was not configured to serve traffic, so it's not live. This can also happen momentarily during traffic migration.
`ACTIVE_REVISION_LIMIT_REACHED`	The maximum allowed number of active revisions has been reached.
`NO_DEPLOYMENT`	There was no deployment defined. This value is no longer used, but Services created in older versions of the API might contain this value.
`HEALTH_CHECK_SKIPPED`	A revision's container has no port specified since the revision is of a manually scaled service with 0 instance count
`MIN_INSTANCES_WARMING`	A revision with min_instance_count > 0 was created and is waiting for enough instances to begin a traffic migration.

`severity`	`enum` How to interpret failures of this condition, one of Error, Warning, Info
Enum type. Can be one of the following:
`SEVERITY_UNSPECIFIED`	Unspecified severity
`ERROR`	Error severity.
`WARNING`	Warning severity.
`INFO`	Info severity.

`state`	`enum` State of the condition.
Enum type. Can be one of the following:
`STATE_UNSPECIFIED`	The default value. This value is used if the state is omitted.
`CONDITION_PENDING`	Transient state: Reconciliation has not started yet.
`CONDITION_RECONCILING`	Transient state: reconciliation is still in progress.
`CONDITION_FAILED`	Terminal state: Reconciliation did not succeed.
`CONDITION_SUCCEEDED`	Terminal state: Reconciliation completed successfully.

`type`	`string` type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready.

GoogleCloudRunV2Container

A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments can be supplied by the system to the container at runtime.

Fields
`args[]`	`string` Arguments to the entrypoint. The docker image's CMD is used if this is not provided.
`command[]`	`string` Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided.
`dependsOn[]`	`string` Names of the containers that must start before this container.
`env[]`	`object (GoogleCloudRunV2EnvVar)` List of environment variables to set in the container.
`image`	`string` Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed.
`livenessProbe`	`object (GoogleCloudRunV2Probe)` Periodic probe of container liveness. Container will be restarted if the probe fails.
`name`	`string` Name of the container specified as a DNS_LABEL (RFC 1123).
`ports[]`	`object (GoogleCloudRunV2ContainerPort)` List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on.
`resources`	`object (GoogleCloudRunV2ResourceRequirements)` Compute Resource requirements by this container.
`startupProbe`	`object (GoogleCloudRunV2Probe)` Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails.
`volumeMounts[]`	`object (GoogleCloudRunV2VolumeMount)` Volume to mount into the container's filesystem.
`workingDir`	`string` Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image.

GoogleCloudRunV2ContainerPort

ContainerPort represents a network port in a single container.

Fields

Fields
`containerPort`	`integer (int32 format)` Port number the container listens on. This must be a valid TCP port number, 0 < container_port < 65536.
`name`	`string` If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c".

containerPort

integer (int32 format)

Port number the container listens on. This must be a valid TCP port number, 0 < container_port < 65536.

name

string

If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c".

GoogleCloudRunV2EmptyDirVolumeSource

In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).

Fields
`medium`	`enum` The medium on which the data is stored. Acceptable values today is only MEMORY or none. When none, the default will currently be backed by memory but could change over time. +optional
Enum type. Can be one of the following:
`MEDIUM_UNSPECIFIED`	When not specified, falls back to the default implementation which is currently in memory (this may change over time).
`MEMORY`	Explicitly set the EmptyDir to be in memory. Uses tmpfs.

`sizeLimit`	`string` Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir

GoogleCloudRunV2EnvVar

EnvVar represents an environment variable present in a Container.

Fields

Fields
`name`	`string` Required. Name of the environment variable. Must be a C_IDENTIFIER, and must not exceed 32768 characters.
`value`	`string` Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes.
`valueSource`	`object (GoogleCloudRunV2EnvVarSource)` Source for the environment variable's value.

name

string

Required. Name of the environment variable. Must be a C_IDENTIFIER, and must not exceed 32768 characters.

value

string

Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes.

valueSource

object (GoogleCloudRunV2EnvVarSource)

Source for the environment variable's value.

GoogleCloudRunV2EnvVarSource

EnvVarSource represents a source for the value of an EnvVar.

Fields

Fields
`secretKeyRef`	`object (GoogleCloudRunV2SecretKeySelector)` Selects a secret and a specific version from Cloud Secret Manager.

secretKeyRef

object (GoogleCloudRunV2SecretKeySelector)

Selects a secret and a specific version from Cloud Secret Manager.

GoogleCloudRunV2Execution

Execution represents the configuration of a single execution. A execution an immutable resource that references a container image which is run to completion.

Fields
`annotations`	`map (key: string, value: string)` Output only. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.
`cancelledCount`	`integer (int32 format)` Output only. The number of tasks which reached phase Cancelled.
`completionTime`	`string (Timestamp format)` Output only. Represents time when the execution was completed. It is not guaranteed to be set in happens-before order across separate operations.
`conditions[]`	`object (GoogleCloudRunV2Condition)` Output only. The Condition of this Execution, containing its readiness status, and detailed error information in case it did not reach the desired state.
`createTime`	`string (Timestamp format)` Output only. Represents time when the execution was acknowledged by the execution controller. It is not guaranteed to be set in happens-before order across separate operations.
`deleteTime`	`string (Timestamp format)` Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request.
`etag`	`string` Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.
`expireTime`	`string (Timestamp format)` Output only. For a deleted resource, the time after which it will be permamently deleted. It is only populated as a response to a Delete request.
`failedCount`	`integer (int32 format)` Output only. The number of tasks which reached phase Failed.
`generation`	`string (int64 format)` Output only. A number that monotonically increases every time the user modifies the desired state.
`job`	`string` Output only. The name of the parent Job.
`labels`	`map (key: string, value: string)` Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels
`launchStage`	`enum` The least stable launch stage needed to create this resource, as defined by Google Cloud Platform Launch Stages. Cloud Run supports `ALPHA`, `BETA`, and `GA`. Note that this value might not be what was used as input. For example, if ALPHA was provided as input in the parent resource, but only BETA and GA-level features are were, this field will be BETA.
Enum type. Can be one of the following:
`LAUNCH_STAGE_UNSPECIFIED`	Do not use this default value.
`UNIMPLEMENTED`	The feature is not yet implemented. Users can not use it.
`PRELAUNCH`	Prelaunch features are hidden from users and are only visible internally.
`EARLY_ACCESS`	Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
`ALPHA`	Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
`BETA`	Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
`GA`	GA features are open to all developers and are considered stable and fully qualified for production use.
`DEPRECATED`	Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation.

`logUri`	`string` Output only. URI where logs for this execution can be found in Cloud Console.
`name`	`string` Output only. The unique name of this Execution.
`observedGeneration`	`string (int64 format)` Output only. The generation of this Execution. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`parallelism`	`integer (int32 format)` Output only. Specifies the maximum desired number of tasks the execution should run at any given time. Must be <= task_count. The actual number of tasks running in steady state will be less than this number when ((.spec.task_count - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism.
`reconciling`	`boolean` Output only. Indicates whether the resource's reconciliation is still in progress. See comments in `Job.reconciling` for additional information on reconciliation process in Cloud Run.
`retriedCount`	`integer (int32 format)` Output only. The number of tasks which have retried at least once.
`runningCount`	`integer (int32 format)` Output only. The number of actively running tasks.
`satisfiesPzs`	`boolean` Output only. Reserved for future use.
`startTime`	`string (Timestamp format)` Output only. Represents time when the execution started to run. It is not guaranteed to be set in happens-before order across separate operations.
`succeededCount`	`integer (int32 format)` Output only. The number of tasks which reached phase Succeeded.
`taskCount`	`integer (int32 format)` Output only. Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution.
`template`	`object (GoogleCloudRunV2TaskTemplate)` Output only. The template used to create tasks for this execution.
`uid`	`string` Output only. Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.
`updateTime`	`string (Timestamp format)` Output only. The last-modified time.

GoogleCloudRunV2ExecutionReference

Reference to an Execution. Use /Executions.GetExecution with the given name to get full execution including the latest status.

Fields

Fields
`completionTime`	`string (Timestamp format)` Creation timestamp of the execution.
`createTime`	`string (Timestamp format)` Creation timestamp of the execution.
`name`	`string` Name of the execution.

completionTime

string (Timestamp format)

Creation timestamp of the execution.

createTime

string (Timestamp format)

Creation timestamp of the execution.

name

string

Name of the execution.

GoogleCloudRunV2ExecutionTemplate

ExecutionTemplate describes the data an execution should have when created from a template.

Fields
`annotations`	`map (key: string, value: string)` Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. All system annotations in v1 now have a corresponding field in v2 ExecutionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules.
`labels`	`map (key: string, value: string)` Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 ExecutionTemplate.
`parallelism`	`integer (int32 format)` Specifies the maximum desired number of tasks the execution should run at given time. Must be <= task_count. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when there are fewer tasks waiting to be completed remaining, i.e. when the work left to do is less than max parallelism.
`taskCount`	`integer (int32 format)` Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. Defaults to 1.
`template`	`object (GoogleCloudRunV2TaskTemplate)` Required. Describes the task(s) that will be created when executing an execution.

GoogleCloudRunV2GRPCAction

GRPCAction describes an action involving a GRPC port.

Fields

Fields
`port`	`integer (int32 format)` Port number of the gRPC service. Number must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.
`service`	`string` Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md ). If this is not specified, the default behavior is defined by gRPC.

port

integer (int32 format)

Port number of the gRPC service. Number must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

service

string

Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md ). If this is not specified, the default behavior is defined by gRPC.

GoogleCloudRunV2HTTPGetAction

HTTPGetAction describes an action based on HTTP Get requests.

Fields

Fields
`httpHeaders[]`	`object (GoogleCloudRunV2HTTPHeader)` Custom headers to set in the request. HTTP allows repeated headers.
`path`	`string` Path to access on the HTTP server. Defaults to '/'.
`port`	`integer (int32 format)` Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

httpHeaders[]

object (GoogleCloudRunV2HTTPHeader)

Custom headers to set in the request. HTTP allows repeated headers.

path

string

Path to access on the HTTP server. Defaults to '/'.

port

integer (int32 format)

Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

GoogleCloudRunV2HTTPHeader

HTTPHeader describes a custom header to be used in HTTP probes

Fields

Fields
`name`	`string` Required. The header field name
`value`	`string` The header field value

name

string

Required. The header field name

value

string

The header field value

GoogleCloudRunV2Job

Job represents the configuration of a single job, which references a container image that is run to completion.

Fields
`annotations`	`map (key: string, value: string)` Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected on new resources. All system annotations in v1 now have a corresponding field in v2 Job. This field follows Kubernetes annotations' namespacing, limits, and rules.
`binaryAuthorization`	`object (GoogleCloudRunV2BinaryAuthorization)` Settings for the Binary Authorization feature.
`client`	`string` Arbitrary identifier for the API client.
`clientVersion`	`string` Arbitrary version identifier for the API client.
`conditions[]`	`object (GoogleCloudRunV2Condition)` Output only. The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`createTime`	`string (Timestamp format)` Output only. The creation time.
`creator`	`string` Output only. Email address of the authenticated creator.
`deleteTime`	`string (Timestamp format)` Output only. The deletion time.
`etag`	`string` Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.
`executionCount`	`integer (int32 format)` Output only. Number of executions created for this job.
`expireTime`	`string (Timestamp format)` Output only. For a deleted resource, the time after which it will be permamently deleted.
`generation`	`string (int64 format)` Output only. A number that monotonically increases every time the user modifies the desired state.
`labels`	`map (key: string, value: string)` Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 Job.
`lastModifier`	`string` Output only. Email address of the last authenticated modifier.
`latestCreatedExecution`	`object (GoogleCloudRunV2ExecutionReference)` Output only. Name of the last created execution.
`launchStage`	`enum` The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output.
Enum type. Can be one of the following:
`LAUNCH_STAGE_UNSPECIFIED`	Do not use this default value.
`UNIMPLEMENTED`	The feature is not yet implemented. Users can not use it.
`PRELAUNCH`	Prelaunch features are hidden from users and are only visible internally.
`EARLY_ACCESS`	Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
`ALPHA`	Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
`BETA`	Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
`GA`	GA features are open to all developers and are considered stable and fully qualified for production use.
`DEPRECATED`	Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation.

`name`	`string` The fully qualified name of this Job. Format: projects/{project}/locations/{location}/jobs/{job}
`observedGeneration`	`string (int64 format)` Output only. The generation of this Job. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`reconciling`	`boolean` Output only. Returns true if the Job is currently being acted upon by the system to bring it into the desired state. When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, `observed_generation` and `latest_succeeded_execution`, will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the state matches the Job, or there was an error, and reconciliation failed. This state can be found in `terminal_condition.state`. If reconciliation succeeded, the following fields will match: `observed_generation` and `generation`, `latest_succeeded_execution` and `latest_created_execution`. If reconciliation failed, `observed_generation` and `latest_succeeded_execution` will have the state of the last succeeded execution or empty for newly created Job. Additional information on the failure can be found in `terminal_condition` and `conditions`.
`satisfiesPzs`	`boolean` Output only. Reserved for future use.
`template`	`object (GoogleCloudRunV2ExecutionTemplate)` Required. The template used to create executions for this Job.
`terminalCondition`	`object (GoogleCloudRunV2Condition)` Output only. The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state.
`uid`	`string` Output only. Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.
`updateTime`	`string (Timestamp format)` Output only. The last-modified time.

GoogleCloudRunV2ListExecutionsResponse

Response message containing a list of Executions.

Fields

Fields
`executions[]`	`object (GoogleCloudRunV2Execution)` The resulting list of Executions.
`nextPageToken`	`string` A token indicating there are more items than page_size. Use it in the next ListExecutions request to continue.

executions[]

object (GoogleCloudRunV2Execution)

The resulting list of Executions.

nextPageToken

string

A token indicating there are more items than page_size. Use it in the next ListExecutions request to continue.

GoogleCloudRunV2ListJobsResponse

Response message containing a list of Jobs.

Fields

Fields
`jobs[]`	`object (GoogleCloudRunV2Job)` The resulting list of Jobs.
`nextPageToken`	`string` A token indicating there are more items than page_size. Use it in the next ListJobs request to continue.

jobs[]

object (GoogleCloudRunV2Job)

The resulting list of Jobs.

nextPageToken

string

A token indicating there are more items than page_size. Use it in the next ListJobs request to continue.

GoogleCloudRunV2ListRevisionsResponse

Response message containing a list of Revisions.

Fields

Fields
`nextPageToken`	`string` A token indicating there are more items than page_size. Use it in the next ListRevisions request to continue.
`revisions[]`	`object (GoogleCloudRunV2Revision)` The resulting list of Revisions.

nextPageToken

string

A token indicating there are more items than page_size. Use it in the next ListRevisions request to continue.

revisions[]

object (GoogleCloudRunV2Revision)

The resulting list of Revisions.

GoogleCloudRunV2ListServicesResponse

Response message containing a list of Services.

Fields

Fields
`nextPageToken`	`string` A token indicating there are more items than page_size. Use it in the next ListServices request to continue.
`services[]`	`object (GoogleCloudRunV2Service)` The resulting list of Services.

nextPageToken

string

A token indicating there are more items than page_size. Use it in the next ListServices request to continue.

services[]

object (GoogleCloudRunV2Service)

The resulting list of Services.

GoogleCloudRunV2ListTasksResponse

Response message containing a list of Tasks.

Fields

Fields
`nextPageToken`	`string` A token indicating there are more items than page_size. Use it in the next ListTasks request to continue.
`tasks[]`	`object (GoogleCloudRunV2Task)` The resulting list of Tasks.

nextPageToken

string

A token indicating there are more items than page_size. Use it in the next ListTasks request to continue.

tasks[]

object (GoogleCloudRunV2Task)

The resulting list of Tasks.

GoogleCloudRunV2NetworkInterface

Direct VPC egress settings.

Fields

Fields
`network`	`string` The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be looked up from the subnetwork.
`subnetwork`	`string` The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name with the network will be used.
`tags[]`	`string` Network tags applied to this Cloud Run resource.

network

string

The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be looked up from the subnetwork.

subnetwork

string

The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name with the network will be used.

tags[]

string

Network tags applied to this Cloud Run resource.

GoogleCloudRunV2Probe

Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.

Fields
`failureThreshold`	`integer (int32 format)` Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1.
`grpc`	`object (GoogleCloudRunV2GRPCAction)` GRPC specifies an action involving a gRPC port. Exactly one of httpGet, tcpSocket, or grpc must be specified.
`httpGet`	`object (GoogleCloudRunV2HTTPGetAction)` HTTPGet specifies the http request to perform. Exactly one of httpGet, tcpSocket, or grpc must be specified.
`initialDelaySeconds`	`integer (int32 format)` Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240.
`periodSeconds`	`integer (int32 format)` How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater or equal than timeout_seconds.
`tcpSocket`	`object (GoogleCloudRunV2TCPSocketAction)` TCPSocket specifies an action involving a TCP port. Exactly one of httpGet, tcpSocket, or grpc must be specified.
`timeoutSeconds`	`integer (int32 format)` Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds.

GoogleCloudRunV2ResourceRequirements

ResourceRequirements describes the compute resource requirements.

Fields

Fields
`cpuIdle`	`boolean` Determines whether CPU should be throttled or not outside of requests.
`limits`	`map (key: string, value: string)` Only ´memory´ and 'cpu' are supported. Notes: * The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. For more information, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits
`startupCpuBoost`	`boolean` Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.

cpuIdle

boolean

Determines whether CPU should be throttled or not outside of requests.

limits

map (key: string, value: string)

Only ´memory´ and 'cpu' are supported. Notes: * The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. For more information, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits

startupCpuBoost

boolean

Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold, this can help reduce cold-start latency.

GoogleCloudRunV2Revision

A Revision is an immutable snapshot of code and configuration. A Revision references a container image. Revisions are only created by updates to its parent Service.

Fields
`annotations`	`map (key: string, value: string)` Output only. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.
`conditions[]`	`object (GoogleCloudRunV2Condition)` Output only. The Condition of this Revision, containing its readiness status, and detailed error information in case it did not reach a serving state.
`containers[]`	`object (GoogleCloudRunV2Container)` Holds the single container that defines the unit of execution for this Revision.
`createTime`	`string (Timestamp format)` Output only. The creation time.
`deleteTime`	`string (Timestamp format)` Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request.
`encryptionKey`	`string` A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
`encryptionKeyRevocationAction`	`enum` The action to take if the encryption key is revoked.
Enum type. Can be one of the following:
`ENCRYPTION_KEY_REVOCATION_ACTION_UNSPECIFIED`	Unspecified
`PREVENT_NEW`	Prevents the creation of new instances.
`SHUTDOWN`	Shuts down existing instances, and prevents creation of new ones.

`encryptionKeyShutdownDuration`	`string (Duration format)` If encryption_key_revocation_action is SHUTDOWN, the duration before shutting down all instances. The minimum increment is 1 hour.
`etag`	`string` Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.
`executionEnvironment`	`enum` The execution environment being used to host this Revision.
Enum type. Can be one of the following:
`EXECUTION_ENVIRONMENT_UNSPECIFIED`	Unspecified
`EXECUTION_ENVIRONMENT_GEN1`	Uses the First Generation environment.
`EXECUTION_ENVIRONMENT_GEN2`	Uses Second Generation environment.

`expireTime`	`string (Timestamp format)` Output only. For a deleted resource, the time after which it will be permamently deleted. It is only populated as a response to a Delete request.
`generation`	`string (int64 format)` Output only. A number that monotonically increases every time the user modifies the desired state.
`labels`	`map (key: string, value: string)` Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels.
`launchStage`	`enum` The least stable launch stage needed to create this resource, as defined by Google Cloud Platform Launch Stages. Cloud Run supports `ALPHA`, `BETA`, and `GA`. Note that this value might not be what was used as input. For example, if ALPHA was provided as input in the parent resource, but only BETA and GA-level features are were, this field will be BETA.
Enum type. Can be one of the following:
`LAUNCH_STAGE_UNSPECIFIED`	Do not use this default value.
`UNIMPLEMENTED`	The feature is not yet implemented. Users can not use it.
`PRELAUNCH`	Prelaunch features are hidden from users and are only visible internally.
`EARLY_ACCESS`	Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
`ALPHA`	Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
`BETA`	Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
`GA`	GA features are open to all developers and are considered stable and fully qualified for production use.
`DEPRECATED`	Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation.

`logUri`	`string` Output only. The Google Console URI to obtain logs for the Revision.
`maxInstanceRequestConcurrency`	`integer (int32 format)` Sets the maximum number of requests that each serving instance can receive.
`name`	`string` Output only. The unique name of this Revision.
`observedGeneration`	`string (int64 format)` Output only. The generation of this Revision currently serving traffic. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`reconciling`	`boolean` Output only. Indicates whether the resource's reconciliation is still in progress. See comments in `Service.reconciling` for additional information on reconciliation process in Cloud Run.
`satisfiesPzs`	`boolean` Output only. Reserved for future use.
`scaling`	`object (GoogleCloudRunV2RevisionScaling)` Scaling settings for this revision.
`service`	`string` Output only. The name of the parent service.
`serviceAccount`	`string` Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has.
`sessionAffinity`	`boolean` Enable session affinity.
`timeout`	`string (Duration format)` Max allowed time for an instance to respond to a request.
`uid`	`string` Output only. Server assigned unique identifier for the Revision. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.
`updateTime`	`string (Timestamp format)` Output only. The last-modified time.
`volumes[]`	`object (GoogleCloudRunV2Volume)` A list of Volumes to make available to containers.
`vpcAccess`	`object (GoogleCloudRunV2VpcAccess)` VPC Access configuration for this Revision. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

GoogleCloudRunV2RevisionScaling

Settings for revision-level scaling settings.

Fields

Fields
`maxInstanceCount`	`integer (int32 format)` Maximum number of serving instances that this resource should have.
`minInstanceCount`	`integer (int32 format)` Minimum number of serving instances that this resource should have.

maxInstanceCount

integer (int32 format)

Maximum number of serving instances that this resource should have.

minInstanceCount

integer (int32 format)

Minimum number of serving instances that this resource should have.

GoogleCloudRunV2RevisionTemplate

RevisionTemplate describes the data a revision should have when created from a template.

Fields
`annotations`	`map (key: string, value: string)` Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. All system annotations in v1 now have a corresponding field in v2 RevisionTemplate. This field follows Kubernetes annotations' namespacing, limits, and rules.
`containers[]`	`object (GoogleCloudRunV2Container)` Holds the single container that defines the unit of execution for this Revision.
`encryptionKey`	`string` A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
`executionEnvironment`	`enum` The sandbox environment to host this Revision.
Enum type. Can be one of the following:
`EXECUTION_ENVIRONMENT_UNSPECIFIED`	Unspecified
`EXECUTION_ENVIRONMENT_GEN1`	Uses the First Generation environment.
`EXECUTION_ENVIRONMENT_GEN2`	Uses Second Generation environment.

`labels`	`map (key: string, value: string)` Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 RevisionTemplate.
`maxInstanceRequestConcurrency`	`integer (int32 format)` Sets the maximum number of requests that each serving instance can receive.
`revision`	`string` The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name.
`scaling`	`object (GoogleCloudRunV2RevisionScaling)` Scaling settings for this Revision.
`serviceAccount`	`string` Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account.
`sessionAffinity`	`boolean` Enable session affinity.
`timeout`	`string (Duration format)` Max allowed time for an instance to respond to a request.
`volumes[]`	`object (GoogleCloudRunV2Volume)` A list of Volumes to make available to containers.
`vpcAccess`	`object (GoogleCloudRunV2VpcAccess)` VPC Access configuration to use for this Revision. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

GoogleCloudRunV2RunJobRequest

Request message to create a new Execution of a Job.

Fields

Fields
`etag`	`string` A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.
`validateOnly`	`boolean` Indicates that the request should be validated without actually deleting any resources.

etag

string

A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.

validateOnly

boolean

Indicates that the request should be validated without actually deleting any resources.

GoogleCloudRunV2SecretKeySelector

SecretEnvVarSource represents a source for the value of an EnvVar.

Fields

Fields
`secret`	`string` Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project.
`version`	`string` The Cloud Secret Manager secret version. Can be 'latest' for the latest version, an integer for a specific version, or a version alias.

secret

string

Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project.

version

string

The Cloud Secret Manager secret version. Can be 'latest' for the latest version, an integer for a specific version, or a version alias.

GoogleCloudRunV2SecretVolumeSource

The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret.

Fields

Fields
`defaultMode`	`integer (int32 format)` Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. This might be in conflict with other options that affect the file mode, like fsGroup, and as a result, other mode bits could be set.
`items[]`	`object (GoogleCloudRunV2VersionToPath)` If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.
`secret`	`string` Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.

defaultMode

integer (int32 format)

Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. This might be in conflict with other options that affect the file mode, like fsGroup, and as a result, other mode bits could be set.

items[]

object (GoogleCloudRunV2VersionToPath)

If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version.

secret

string

Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project.

GoogleCloudRunV2Service

Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership.

Fields
`annotations`	`map (key: string, value: string)` Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected in new resources. All system annotations in v1 now have a corresponding field in v2 Service. This field follows Kubernetes annotations' namespacing, limits, and rules.
`binaryAuthorization`	`object (GoogleCloudRunV2BinaryAuthorization)` Settings for the Binary Authorization feature.
`client`	`string` Arbitrary identifier for the API client.
`clientVersion`	`string` Arbitrary version identifier for the API client.
`conditions[]`	`object (GoogleCloudRunV2Condition)` Output only. The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`createTime`	`string (Timestamp format)` Output only. The creation time.
`creator`	`string` Output only. Email address of the authenticated creator.
`customAudiences[]`	`string` One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences.
`deleteTime`	`string (Timestamp format)` Output only. The deletion time.
`description`	`string` User-provided description of the Service. This field currently has a 512-character limit.
`etag`	`string` Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.
`expireTime`	`string (Timestamp format)` Output only. For a deleted resource, the time after which it will be permamently deleted.
`generation`	`string (int64 format)` Output only. A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a `string` instead of an `integer`.
`ingress`	`enum` Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active.
Enum type. Can be one of the following:
`INGRESS_TRAFFIC_UNSPECIFIED`	Unspecified
`INGRESS_TRAFFIC_ALL`	All inbound traffic is allowed.
`INGRESS_TRAFFIC_INTERNAL_ONLY`	Only internal traffic is allowed.
`INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER`	Both internal and Google Cloud Load Balancer traffic is allowed.

`labels`	`map (key: string, value: string)` Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with `run.googleapis.com`, `cloud.googleapis.com`, `serving.knative.dev`, or `autoscaling.knative.dev` namespaces, and they will be rejected. All system labels in v1 now have a corresponding field in v2 Service.
`lastModifier`	`string` Output only. Email address of the last authenticated modifier.
`latestCreatedRevision`	`string` Output only. Name of the last created revision. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`latestReadyRevision`	`string` Output only. Name of the latest revision that is serving traffic. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`launchStage`	`enum` The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports `ALPHA`, `BETA`, and `GA`. If no value is specified, GA is assumed. Set the launch stage to a preview stage on input to allow use of preview features in that stage. On read (or output), describes whether the resource uses preview features. For example, if ALPHA is provided as input, but only BETA and GA-level features are used, this field will be BETA on output.
Enum type. Can be one of the following:
`LAUNCH_STAGE_UNSPECIFIED`	Do not use this default value.
`UNIMPLEMENTED`	The feature is not yet implemented. Users can not use it.
`PRELAUNCH`	Prelaunch features are hidden from users and are only visible internally.
`EARLY_ACCESS`	Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released.
`ALPHA`	Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases.
`BETA`	Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases.
`GA`	GA features are open to all developers and are considered stable and fully qualified for production use.
`DEPRECATED`	Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation.

`name`	`string` The fully qualified name of this Service. In CreateServiceRequest, this field is ignored, and instead composed from CreateServiceRequest.parent and CreateServiceRequest.service_id. Format: projects/{project}/locations/{location}/services/{service_id}
`observedGeneration`	`string (int64 format)` Output only. The generation of this Service currently serving traffic. See comments in `reconciling` for additional information on reconciliation process in Cloud Run. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a `string` instead of an `integer`.
`reconciling`	`boolean` Output only. Returns true if the Service is currently being acted upon by the system to bring it into the desired state. When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, `observed_generation`, `latest_ready_revison`, `traffic_statuses`, and `uri` will have transient values that might mismatch the intended state: Once reconciliation is over (and this field is false), there are two possible outcomes: reconciliation succeeded and the serving state matches the Service, or there was an error, and reconciliation failed. This state can be found in `terminal_condition.state`. If reconciliation succeeded, the following fields will match: `traffic` and `traffic_statuses`, `observed_generation` and `generation`, `latest_ready_revision` and `latest_created_revision`. If reconciliation failed, `traffic_statuses`, `observed_generation`, and `latest_ready_revision` will have the state of the last serving revision, or empty for newly created Services. Additional information on the failure can be found in `terminal_condition` and `conditions`.
`satisfiesPzs`	`boolean` Output only. Reserved for future use.
`template`	`object (GoogleCloudRunV2RevisionTemplate)` Required. The template used to create revisions for this Service.
`terminalCondition`	`object (GoogleCloudRunV2Condition)` Output only. The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`traffic[]`	`object (GoogleCloudRunV2TrafficTarget)` Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest `Ready` Revision.
`trafficStatuses[]`	`object (GoogleCloudRunV2TrafficTargetStatus)` Output only. Detailed status information for corresponding traffic targets. See comments in `reconciling` for additional information on reconciliation process in Cloud Run.
`trafficTagsCleanupThreshold`	`string (int64 format)` Optional. Override the traffic tag threshold limit. Garbage collection will start cleaning up non-serving tagged traffic targets based on creation item. The default value is 2000.
`uid`	`string` Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.
`updateTime`	`string (Timestamp format)` Output only. The last-modified time.
`uri`	`string` Output only. The main URI in which this Service is serving traffic.

GoogleCloudRunV2TCPSocketAction

TCPSocketAction describes an action based on opening a socket

Fields

Fields
`port`	`integer (int32 format)` Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

port

integer (int32 format)

Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort.

GoogleCloudRunV2Task

Task represents a single run of a container to completion.

Fields
`annotations`	`map (key: string, value: string)` Output only. Unstructured key value map that may be set by external tools to store and arbitrary metadata. They are not queryable and should be preserved when modifying objects.
`completionTime`	`string (Timestamp format)` Output only. Represents time when the Task was completed. It is not guaranteed to be set in happens-before order across separate operations.
`conditions[]`	`object (GoogleCloudRunV2Condition)` Output only. The Condition of this Task, containing its readiness status, and detailed error information in case it did not reach the desired state.
`containers[]`	`object (GoogleCloudRunV2Container)` Holds the single container that defines the unit of execution for this task.
`createTime`	`string (Timestamp format)` Output only. Represents time when the task was created by the system. It is not guaranteed to be set in happens-before order across separate operations.
`deleteTime`	`string (Timestamp format)` Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request.
`encryptionKey`	`string` Output only. A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
`etag`	`string` Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates.
`execution`	`string` Output only. The name of the parent Execution.
`executionEnvironment`	`enum` The execution environment being used to host this Task.
Enum type. Can be one of the following:
`EXECUTION_ENVIRONMENT_UNSPECIFIED`	Unspecified
`EXECUTION_ENVIRONMENT_GEN1`	Uses the First Generation environment.
`EXECUTION_ENVIRONMENT_GEN2`	Uses Second Generation environment.

`expireTime`	`string (Timestamp format)` Output only. For a deleted resource, the time after which it will be permamently deleted. It is only populated as a response to a Delete request.
`generation`	`string (int64 format)` Output only. A number that monotonically increases every time the user modifies the desired state.
`index`	`integer (int32 format)` Output only. Index of the Task, unique per execution, and beginning at 0.
`job`	`string` Output only. The name of the parent Job.
`labels`	`map (key: string, value: string)` Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels
`lastAttemptResult`	`object (GoogleCloudRunV2TaskAttemptResult)` Output only. Result of the last attempt of this Task.
`logUri`	`string` Output only. URI where logs for this execution can be found in Cloud Console.
`maxRetries`	`integer (int32 format)` Number of retries allowed per Task, before marking this Task failed.
`name`	`string` Output only. The unique name of this Task.
`observedGeneration`	`string (int64 format)` Output only. The generation of this Task. See comments in `Job.reconciling` for additional information on reconciliation process in Cloud Run.
`reconciling`	`boolean` Output only. Indicates whether the resource's reconciliation is still in progress. See comments in `Job.reconciling` for additional information on reconciliation process in Cloud Run.
`retried`	`integer (int32 format)` Output only. The number of times this Task was retried. Tasks are retried when they fail up to the maxRetries limit.
`satisfiesPzs`	`boolean` Output only. Reserved for future use.
`scheduledTime`	`string (Timestamp format)` Output only. Represents time when the task was scheduled to run by the system. It is not guaranteed to be set in happens-before order across separate operations.
`serviceAccount`	`string` Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.
`startTime`	`string (Timestamp format)` Output only. Represents time when the task started to run. It is not guaranteed to be set in happens-before order across separate operations.
`timeout`	`string (Duration format)` Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout.
`uid`	`string` Output only. Server assigned unique identifier for the Task. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted.
`updateTime`	`string (Timestamp format)` Output only. The last-modified time.
`volumes[]`	`object (GoogleCloudRunV2Volume)` A list of Volumes to make available to containers.
`vpcAccess`	`object (GoogleCloudRunV2VpcAccess)` Output only. VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

GoogleCloudRunV2TaskAttemptResult

Result of a task attempt.

Fields

Fields
`exitCode`	`integer (int32 format)` Output only. The exit code of this attempt. This may be unset if the container was unable to exit cleanly with a code due to some other failure. See status field for possible failure details.
`status`	`object (GoogleRpcStatus)` Output only. The status of this attempt. If the status code is OK, then the attempt succeeded.

exitCode

integer (int32 format)

Output only. The exit code of this attempt. This may be unset if the container was unable to exit cleanly with a code due to some other failure. See status field for possible failure details.

status

object (GoogleRpcStatus)

Output only. The status of this attempt. If the status code is OK, then the attempt succeeded.

GoogleCloudRunV2TaskTemplate

TaskTemplate describes the data a task should have when created from a template.

Fields
`containers[]`	`object (GoogleCloudRunV2Container)` Holds the single container that defines the unit of execution for this task.
`encryptionKey`	`string` A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek
`executionEnvironment`	`enum` The execution environment being used to host this Task.
Enum type. Can be one of the following:
`EXECUTION_ENVIRONMENT_UNSPECIFIED`	Unspecified
`EXECUTION_ENVIRONMENT_GEN1`	Uses the First Generation environment.
`EXECUTION_ENVIRONMENT_GEN2`	Uses Second Generation environment.

`maxRetries`	`integer (int32 format)` Number of retries allowed per Task, before marking this Task failed. Defaults to 3.
`serviceAccount`	`string` Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account.
`timeout`	`string (Duration format)` Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. Defaults to 600 seconds.
`volumes[]`	`object (GoogleCloudRunV2Volume)` A list of Volumes to make available to containers.
`vpcAccess`	`object (GoogleCloudRunV2VpcAccess)` VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

GoogleCloudRunV2TrafficTarget

Holds a single traffic routing entry for the Service. Allocations can be done to a specific Revision name, or pointing to the latest Ready Revision.

Fields
`percent`	`integer (int32 format)` Specifies percent of the traffic to this Revision. This defaults to zero if unspecified.
`revision`	`string` Revision to which to send this portion of traffic, if traffic allocation is by revision.
`tag`	`string` Indicates a string to be part of the URI to exclusively reference this target.
`type`	`enum` The allocation type for this traffic target.
Enum type. Can be one of the following:
`TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED`	Unspecified instance allocation type.
`TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST`	Allocates instances to the Service's latest ready Revision.
`TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION`	Allocates instances to a Revision by name.

GoogleCloudRunV2TrafficTargetStatus

Represents the observed state of a single TrafficTarget entry.

Fields
`percent`	`integer (int32 format)` Specifies percent of the traffic to this Revision.
`revision`	`string` Revision to which this traffic is sent.
`tag`	`string` Indicates the string used in the URI to exclusively reference this target.
`type`	`enum` The allocation type for this traffic target.
Enum type. Can be one of the following:
`TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED`	Unspecified instance allocation type.
`TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST`	Allocates instances to the Service's latest ready Revision.
`TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION`	Allocates instances to a Revision by name.

`uri`	`string` Displays the target URI.

GoogleCloudRunV2VersionToPath

VersionToPath maps a specific version of a secret to a relative file to mount to, relative to VolumeMount's mount_path.

Fields

Fields
`mode`	`integer (int32 format)` Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.
`path`	`string` Required. The relative path of the secret in the container.
`version`	`string` The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version.

mode

integer (int32 format)

Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.

path

string

Required. The relative path of the secret in the container.

version

string

The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version.

GoogleCloudRunV2Volume

Volume represents a named volume in a container.

Fields
`cloudSqlInstance`	`object (GoogleCloudRunV2CloudSqlInstance)` For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.
`emptyDir`	`object (GoogleCloudRunV2EmptyDirVolumeSource)` Ephemeral storage used as a shared volume.
`name`	`string` Required. Volume's name.
`secret`	`object (GoogleCloudRunV2SecretVolumeSource)` Secret represents a secret that should populate this volume.

GoogleCloudRunV2VolumeMount

VolumeMount describes a mounting of a Volume within a container.

Fields

Fields
`mountPath`	`string` Required. Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be `/cloudsql`. All instances defined in the Volume will be available as `/cloudsql/[instance]`. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run
`name`	`string` Required. This must match the Name of a Volume.

mountPath

string

Required. Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be /cloudsql. All instances defined in the Volume will be available as /cloudsql/[instance]. For more information on Cloud SQL volumes, visit https://cloud.google.com/sql/docs/mysql/connect-run

name

string

Required. This must match the Name of a Volume.

GoogleCloudRunV2VpcAccess

VPC Access settings. For more information on sending traffic to a VPC network, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.

Fields
`connector`	`string` VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. For more information on sending traffic to a VPC network via a connector, visit https://cloud.google.com/run/docs/configuring/vpc-connectors.
`egress`	`enum` Traffic VPC egress settings. If not provided, it defaults to PRIVATE_RANGES_ONLY.
Enum type. Can be one of the following:
`VPC_EGRESS_UNSPECIFIED`	Unspecified
`ALL_TRAFFIC`	All outbound traffic is routed through the VPC connector.
`PRIVATE_RANGES_ONLY`	Only private IP ranges are routed through the VPC connector.

`networkInterfaces[]`	`object (GoogleCloudRunV2NetworkInterface)` Direct VPC egress settings. Currently only single network interface is supported.

GoogleIamV1AuditConfig

Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs: { "audit_configs": [ { "service": "allServices", "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" }, { "log_type": "ADMIN_READ" } ] }, { "service": "sampleservice.googleapis.com", "audit_log_configs": [ { "log_type": "DATA_READ" }, { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] } ] } ] } For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.

Fields

Fields
`auditLogConfigs[]`	`object (GoogleIamV1AuditLogConfig)` The configuration for logging of each type of permission.
`service`	`string` Specifies a service that will be enabled for audit logging. For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. `allServices` is a special value that covers all services.

auditLogConfigs[]

object (GoogleIamV1AuditLogConfig)

The configuration for logging of each type of permission.

service

string

Specifies a service that will be enabled for audit logging. For example, storage.googleapis.com, cloudsql.googleapis.com. allServices is a special value that covers all services.

GoogleIamV1AuditLogConfig

Provides the configuration for logging a type of permissions. Example: { "audit_log_configs": [ { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] }, { "log_type": "DATA_WRITE" } ] } This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.

Fields
`exemptedMembers[]`	`string` Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members.
`logType`	`enum` The log type that this config enables.
Enum type. Can be one of the following:
`LOG_TYPE_UNSPECIFIED`	Default case. Should never be this.
`ADMIN_READ`	Admin reads. Example: CloudIAM getIamPolicy
`DATA_WRITE`	Data writes. Example: CloudSQL Users create
`DATA_READ`	Data reads. Example: CloudSQL Users list

GoogleIamV1Binding

Associates members, or principals, with a role.

Fields

Fields
`condition`	`object (GoogleTypeExpr)` The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.
`members[]`	`string` Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a Kubernetes service account. For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
`role`	`string` Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

condition

object (GoogleTypeExpr)

The condition that is associated with this binding. If the condition evaluates to true, then this binding applies to the current request. If the condition evaluates to false, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the IAM documentation.

members[]

string

Specifies the principals requesting access for a Google Cloud resource. members can have the following values: * allUsers: A special identifier that represents anyone who is on the internet; with or without a Google account. * allAuthenticatedUsers: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * user:{emailid}: An email address that represents a specific Google account. For example, alice@example.com . * serviceAccount:{emailid}: An email address that represents a Google service account. For example, my-other-app@appspot.gserviceaccount.com. * serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]: An identifier for a Kubernetes service account. For example, my-project.svc.id.goog[my-namespace/my-kubernetes-sa]. * group:{emailid}: An email address that represents a Google group. For example, admins@example.com. * domain:{domain}: The G Suite domain (primary) that represents all the users of that domain. For example, google.com or example.com. * deleted:user:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a user that has been recently deleted. For example, alice@example.com?uid=123456789012345678901. If the user is recovered, this value reverts to user:{emailid} and the recovered user retains the role in the binding. * deleted:serviceAccount:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901. If the service account is undeleted, this value reverts to serviceAccount:{emailid} and the undeleted service account retains the role in the binding. * deleted:group:{emailid}?uid={uniqueid}: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, admins@example.com?uid=123456789012345678901. If the group is recovered, this value reverts to group:{emailid} and the recovered group retains the role in the binding.

role

string

Role that is assigned to the list of members, or principals. For example, roles/viewer, roles/editor, or roles/owner.

GoogleIamV1Policy

An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation. JSON example:

{ "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], "etag": "BwWWja0YfJA=", "version": 3 }

YAML example:

bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3

For a description of IAM and its features, see the IAM documentation.

Fields
`auditConfigs[]`	`object (GoogleIamV1AuditConfig)` Specifies cloud audit logging configuration for this policy.
`bindings[]`	`object (GoogleIamV1Binding)` Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
`etag`	`string (bytes format)` `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. Important: If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
`version`	`integer (int32 format)` Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions Important: If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the IAM documentation.

GoogleIamV1SetIamPolicyRequest

Request message for SetIamPolicy method.

Fields

Fields
`policy`	`object (GoogleIamV1Policy)` REQUIRED: The complete policy to be applied to the `resource`. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them.
`updateMask`	`string (FieldMask format)` OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: `paths: "bindings, etag"`

policy

object (GoogleIamV1Policy)

REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Google Cloud services (such as Projects) might reject them.

updateMask

string (FieldMask format)

OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: paths: "bindings, etag"

GoogleIamV1TestIamPermissionsRequest

Request message for TestIamPermissions method.

Fields

Fields
`permissions[]`	`string` The set of permissions to check for the `resource`. Permissions with wildcards (such as `` or `storage.`) are not allowed. For more information see IAM Overview.

permissions[]

string

The set of permissions to check for the resource. Permissions with wildcards (such as * or storage.*) are not allowed. For more information see IAM Overview.

GoogleIamV1TestIamPermissionsResponse

Response message for TestIamPermissions method.

Fields

Fields
`permissions[]`	`string` A subset of `TestPermissionsRequest.permissions` that the caller is allowed.

permissions[]

string

A subset of TestPermissionsRequest.permissions that the caller is allowed.

GoogleLongrunningListOperationsResponse

The response message for Operations.ListOperations.

Fields

Fields
`nextPageToken`	`string` The standard List next-page token.
`operations[]`	`object (GoogleLongrunningOperation)` A list of operations that matches the specified filter in the request.

nextPageToken

string

The standard List next-page token.

operations[]

object (GoogleLongrunningOperation)

A list of operations that matches the specified filter in the request.

GoogleLongrunningOperation

This resource represents a long-running operation that is the result of a network API call.

Fields
`done`	`boolean` If the value is `false`, it means the operation is still in progress. If `true`, the operation is completed, and either `error` or `response` is available.
`error`	`object (GoogleRpcStatus)` The error result of the operation in case of failure or cancellation.
`metadata`	`map (key: string, value: any)` Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any.
`name`	`string` The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the `name` should be a resource name ending with `operations/{unique_id}`.
`response`	`map (key: string, value: any)` The normal, successful response of the operation. If the original method returns no data on success, such as `Delete`, the response is `google.protobuf.Empty`. If the original method is standard `Get`/`Create`/`Update`, the response should be the resource. For other methods, the response should have the type `XxxResponse`, where `Xxx` is the original method name. For example, if the original method name is `TakeSnapshot()`, the inferred response type is `TakeSnapshotResponse`.

GoogleLongrunningWaitOperationRequest

The request message for Operations.WaitOperation.

Fields

timeout

string (Duration format)

The maximum duration to wait before timing out. If left blank, the wait will be at most the time permitted by the underlying HTTP/RPC protocol. If RPC context deadline is also specified, the shorter one will be used.

GoogleRpcStatus

The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.

Fields

code

integer (int32 format)

The status code, which should be an enum value of google.rpc.Code.

details[]

object

A list of messages that carry the error details. There is a common set of message types for APIs to use.

message

string

A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client.

GoogleTypeExpr

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

Fields
`description`	`string` Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
`expression`	`string` Textual representation of an expression in Common Expression Language syntax.
`location`	`string` Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
`title`	`string` Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.