GoogleCloudRunV2BinaryAuthorization
Settings for Binary Authorization feature.

Fields | |
---|---|
breakglassJustification |
If present, indicates to use Breakglass using this justification. If use_default is False, then it must be empty. For more information on breakglass, see https://cloud.google.com/binary-authorization/docs/using-breakglass |
useDefault |
If True, indicates to use the default project's binary authorization policy. If False, binary authorization will be disabled. |
GoogleCloudRunV2CancelExecutionRequest
Request message for deleting an Execution.

Fields | |
---|---|
etag |
A system-generated fingerprint for this version of the resource. This may be used to detect modification conflict during updates. |
validateOnly |
Indicates that the request should be validated without actually cancelling any resources. |
GoogleCloudRunV2CloudSqlInstance
Represents a set of Cloud SQL instances. Each one will be available under /cloudsql/[instance]. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run.

Fields | |
---|---|
instances[] |
The Cloud SQL instance connection names, as can be found in https://console.cloud.google.com/sql/instances. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. Format: {project}:{location}:{instance} |
GoogleCloudRunV2Condition
Defines a status condition for a resource.

Fields | |
---|---|
executionReason |
A reason for the execution condition. |
Enum type. Can be one of the following: | |
EXECUTION_REASON_UNDEFINED |
Default value. |
JOB_STATUS_SERVICE_POLLING_ERROR |
Internal system error getting execution status. System will retry. |
NON_ZERO_EXIT_CODE |
A task reached its retry limit and the last attempt failed due to the user container exiting with a non-zero exit code. |
CANCELLED |
The execution was cancelled by users. |
CANCELLING |
The execution is in the process of being cancelled. |
DELETED |
The execution was deleted. |
lastTransitionTime |
Last time the condition transitioned from one status to another. |
message |
Human readable message indicating details about the current status. |
reason |
A common (service-level) reason for this condition. |
Enum type. Can be one of the following: | |
COMMON_REASON_UNDEFINED |
Default value. |
UNKNOWN |
Reason unknown. Further details will be in message. |
REVISION_FAILED |
Revision creation process failed. |
PROGRESS_DEADLINE_EXCEEDED |
Timed out waiting for completion. |
CONTAINER_MISSING |
The container image path is incorrect. |
CONTAINER_PERMISSION_DENIED |
Insufficient permissions on the container image. |
CONTAINER_IMAGE_UNAUTHORIZED |
Container image is not authorized by policy. |
CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED |
Container image policy authorization check failed. |
ENCRYPTION_KEY_PERMISSION_DENIED |
Insufficient permissions on encryption key. |
ENCRYPTION_KEY_CHECK_FAILED |
Permission check on encryption key failed. |
SECRETS_ACCESS_CHECK_FAILED |
At least one Access check on secrets failed. |
WAITING_FOR_OPERATION |
Waiting for operation to complete. |
IMMEDIATE_RETRY |
System will retry immediately. |
POSTPONED_RETRY |
System will retry later; current attempt failed. |
INTERNAL |
An internal error occurred. Further information may be in the message. |
revisionReason |
A reason for the revision condition. |
Enum type. Can be one of the following: | |
REVISION_REASON_UNDEFINED |
Default value. |
PENDING |
Revision in Pending state. |
RESERVE |
Revision is in Reserve state. |
RETIRED |
Revision is Retired. |
RETIRING |
Revision is being retired. |
RECREATING |
Revision is being recreated. |
HEALTH_CHECK_CONTAINER_ERROR |
There was a health check error. |
CUSTOMIZED_PATH_RESPONSE_PENDING |
Health check failed due to user error from customized path of the container. System will retry. |
MIN_INSTANCES_NOT_PROVISIONED |
A revision with min_instance_count > 0 was created and is reserved, but it was not configured to serve traffic, so it's not live. This can also happen momentarily during traffic migration. |
ACTIVE_REVISION_LIMIT_REACHED |
The maximum allowed number of active revisions has been reached. |
NO_DEPLOYMENT |
There was no deployment defined. This value is no longer used, but Services created in older versions of the API might contain this value. |
HEALTH_CHECK_SKIPPED |
A revision's container has no port specified since the revision is of a manually scaled service with 0 instance count. |
MIN_INSTANCES_WARMING |
A revision with min_instance_count > 0 was created and is waiting for enough instances to begin a traffic migration. |
severity |
How to interpret failures of this condition, one of Error, Warning, Info |
Enum type. Can be one of the following: | |
SEVERITY_UNSPECIFIED |
Unspecified severity |
ERROR |
Error severity. |
WARNING |
Warning severity. |
INFO |
Info severity. |
state |
State of the condition. |
Enum type. Can be one of the following: | |
STATE_UNSPECIFIED |
The default value. This value is used if the state is omitted. |
CONDITION_PENDING |
Transient state: Reconciliation has not started yet. |
CONDITION_RECONCILING |
Transient state: reconciliation is still in progress. |
CONDITION_FAILED |
Terminal state: Reconciliation did not succeed. |
CONDITION_SUCCEEDED |
Terminal state: Reconciliation completed successfully. |
type |
type is used to communicate the status of the reconciliation process. See also: https://github.com/knative/serving/blob/main/docs/spec/errors.md#error-conditions-and-reporting Types common to all resources include: * "Ready": True when the Resource is ready. |
GoogleCloudRunV2Container
A single application container. This specifies both the container to run, the command to run in the container and the arguments to supply to it. Note that additional arguments can be supplied by the system to the container at runtime.

Fields | |
---|---|
args[] |
Arguments to the entrypoint. The docker image's CMD is used if this is not provided. |
command[] |
Entrypoint array. Not executed within a shell. The docker image's ENTRYPOINT is used if this is not provided. |
dependsOn[] |
Names of the containers that must start before this container. |
env[] |
List of environment variables to set in the container. |
image |
Required. Name of the container image in Dockerhub, Google Artifact Registry, or Google Container Registry. If the host is not provided, Dockerhub is assumed. |
livenessProbe |
Periodic probe of container liveness. Container will be restarted if the probe fails. |
name |
Name of the container specified as a DNS_LABEL (RFC 1123). |
ports[] |
List of ports to expose from the container. Only a single port can be specified. The specified ports must be listening on all interfaces (0.0.0.0) within the container to be accessible. If omitted, a port number will be chosen and passed to the container through the PORT environment variable for the container to listen on. |
resources |
Compute Resource requirements by this container. |
startupProbe |
Startup probe of application within the container. All other probes are disabled if a startup probe is provided, until it succeeds. Container will not be added to service endpoints if the probe fails. |
volumeMounts[] |
Volume to mount into the container's filesystem. |
workingDir |
Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. |
GoogleCloudRunV2ContainerPort
ContainerPort represents a network port in a single container.

Fields | |
---|---|
containerPort |
Port number the container listens on. This must be a valid TCP port number, 0 < container_port < 65536. |
name |
If specified, used to specify which protocol to use. Allowed values are "http1" and "h2c". |
GoogleCloudRunV2EmptyDirVolumeSource
In memory (tmpfs) ephemeral storage. It is ephemeral in the sense that when the sandbox is taken down, the data is destroyed with it (it does not persist across sandbox runs).

Fields | |
---|---|
medium |
The medium on which the data is stored. The only acceptable values today are MEMORY or none. When none, the default will currently be backed by memory but could change over time. +optional |
Enum type. Can be one of the following: | |
MEDIUM_UNSPECIFIED |
When not specified, falls back to the default implementation which is currently in memory (this may change over time). |
MEMORY |
Explicitly set the EmptyDir to be in memory. Uses tmpfs. |
sizeLimit |
Limit on the storage usable by this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers. The default is nil which means that the limit is undefined. More info: https://cloud.google.com/run/docs/configuring/in-memory-volumes#configure-volume. Info in Kubernetes: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir |
GoogleCloudRunV2EnvVar
EnvVar represents an environment variable present in a Container.

Fields | |
---|---|
name |
Required. Name of the environment variable. Must be a C_IDENTIFIER, and must not exceed 32768 characters. |
value |
Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any route environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, i.e. $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "", and the maximum length is 32768 bytes. |
valueSource |
Source for the environment variable's value. |
GoogleCloudRunV2EnvVarSource
EnvVarSource represents a source for the value of an EnvVar.

Fields | |
---|---|
secretKeyRef |
Selects a secret and a specific version from Cloud Secret Manager. |
GoogleCloudRunV2Execution
Execution represents the configuration of a single execution. An execution is an immutable resource that references a container image which is run to completion.

Fields | |
---|---|
annotations |
Output only. Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. |
cancelledCount |
Output only. The number of tasks which reached phase Cancelled. |
completionTime |
Output only. Represents time when the execution was completed. It is not guaranteed to be set in happens-before order across separate operations. |
conditions[] |
Output only. The Condition of this Execution, containing its readiness status, and detailed error information in case it did not reach the desired state. |
createTime |
Output only. Represents time when the execution was acknowledged by the execution controller. It is not guaranteed to be set in happens-before order across separate operations. |
deleteTime |
Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request. |
etag |
Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. |
expireTime |
Output only. For a deleted resource, the time after which it will be permanently deleted. It is only populated as a response to a Delete request. |
failedCount |
Output only. The number of tasks which reached phase Failed. |
generation |
Output only. A number that monotonically increases every time the user modifies the desired state. |
job |
Output only. The name of the parent Job. |
labels |
Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels |
launchStage |
The least stable launch stage needed to create this resource, as defined by Google Cloud Platform Launch Stages. Cloud Run supports |
Enum type. Can be one of the following: | |
LAUNCH_STAGE_UNSPECIFIED |
Do not use this default value. |
UNIMPLEMENTED |
The feature is not yet implemented. Users can not use it. |
PRELAUNCH |
Prelaunch features are hidden from users and are only visible internally. |
EARLY_ACCESS |
Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released. |
ALPHA |
Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases. |
BETA |
Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases. |
GA |
GA features are open to all developers and are considered stable and fully qualified for production use. |
DEPRECATED |
Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation. |
logUri |
Output only. URI where logs for this execution can be found in Cloud Console. |
name |
Output only. The unique name of this Execution. |
observedGeneration |
Output only. The generation of this Execution. See comments in |
parallelism |
Output only. Specifies the maximum desired number of tasks the execution should run at any given time. Must be <= task_count. The actual number of tasks running in steady state will be less than this number when ((.spec.task_count - .status.successful) < .spec.parallelism), i.e. when the work left to do is less than max parallelism. |
reconciling |
Output only. Indicates whether the resource's reconciliation is still in progress. See comments in |
retriedCount |
Output only. The number of tasks which have retried at least once. |
runningCount |
Output only. The number of actively running tasks. |
satisfiesPzs |
Output only. Reserved for future use. |
startTime |
Output only. Represents time when the execution started to run. It is not guaranteed to be set in happens-before order across separate operations. |
succeededCount |
Output only. The number of tasks which reached phase Succeeded. |
taskCount |
Output only. Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. |
template |
Output only. The template used to create tasks for this execution. |
uid |
Output only. Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. |
updateTime |
Output only. The last-modified time. |
GoogleCloudRunV2ExecutionReference
Reference to an Execution. Use /Executions.GetExecution with the given name to get full execution including the latest status.

Fields | |
---|---|
completionTime |
Creation timestamp of the execution. |
createTime |
Creation timestamp of the execution. |
name |
Name of the execution. |
GoogleCloudRunV2ExecutionTemplate
ExecutionTemplate describes the data an execution should have when created from a template.

Fields | |
---|---|
annotations |
Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with |
labels |
Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with |
parallelism |
Specifies the maximum desired number of tasks the execution should run at any given time. Must be <= task_count. When the job is run, if this field is 0 or unset, the maximum possible value will be used for that execution. The actual number of tasks running in steady state will be less than this number when fewer tasks remain to be completed, i.e. when the work left to do is less than max parallelism. |
taskCount |
Specifies the desired number of tasks the execution should run. Setting to 1 means that parallelism is limited to 1 and the success of that task signals the success of the execution. Defaults to 1. |
template |
Required. Describes the task(s) that will be created when executing an execution. |
GoogleCloudRunV2GRPCAction
GRPCAction describes an action involving a GRPC port.

Fields | |
---|---|
port |
Port number of the gRPC service. Number must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort. |
service |
Service is the name of the service to place in the gRPC HealthCheckRequest (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md ). If this is not specified, the default behavior is defined by gRPC. |
GoogleCloudRunV2HTTPGetAction
HTTPGetAction describes an action based on HTTP Get requests.

Fields | |
---|---|
httpHeaders[] |
Custom headers to set in the request. HTTP allows repeated headers. |
path |
Path to access on the HTTP server. Defaults to '/'. |
port |
Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort. |
GoogleCloudRunV2HTTPHeader
HTTPHeader describes a custom header to be used in HTTP probes.

Fields | |
---|---|
name |
Required. The header field name |
value |
The header field value |
GoogleCloudRunV2Job
Job represents the configuration of a single job, which references a container image that is run to completion.

Fields | |
---|---|
annotations |
Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with |
binaryAuthorization |
Settings for the Binary Authorization feature. |
client |
Arbitrary identifier for the API client. |
clientVersion |
Arbitrary version identifier for the API client. |
conditions[] |
Output only. The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Job does not reach its desired state. See comments in |
createTime |
Output only. The creation time. |
creator |
Output only. Email address of the authenticated creator. |
deleteTime |
Output only. The deletion time. |
etag |
Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. |
executionCount |
Output only. Number of executions created for this job. |
expireTime |
Output only. For a deleted resource, the time after which it will be permanently deleted. |
generation |
Output only. A number that monotonically increases every time the user modifies the desired state. |
labels |
Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with |
lastModifier |
Output only. Email address of the last authenticated modifier. |
latestCreatedExecution |
Output only. Name of the last created execution. |
launchStage |
The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports |
Enum type. Can be one of the following: | |
LAUNCH_STAGE_UNSPECIFIED |
Do not use this default value. |
UNIMPLEMENTED |
The feature is not yet implemented. Users can not use it. |
PRELAUNCH |
Prelaunch features are hidden from users and are only visible internally. |
EARLY_ACCESS |
Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released. |
ALPHA |
Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases. |
BETA |
Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases. |
GA |
GA features are open to all developers and are considered stable and fully qualified for production use. |
DEPRECATED |
Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation. |
name |
The fully qualified name of this Job. Format: projects/{project}/locations/{location}/jobs/{job} |
observedGeneration |
Output only. The generation of this Job. See comments in |
reconciling |
Output only. Returns true if the Job is currently being acted upon by the system to bring it into the desired state. When a new Job is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Job to the desired state. This process is called reconciliation. While reconciliation is in process, |
satisfiesPzs |
Output only. Reserved for future use. |
template |
Required. The template used to create executions for this Job. |
terminalCondition |
Output only. The Condition of this Job, containing its readiness status, and detailed error information in case it did not reach the desired state. |
uid |
Output only. Server assigned unique identifier for the Execution. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. |
updateTime |
Output only. The last-modified time. |
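As an added example (not part of the API reference and not Google's code), the Python sketch below audits Job resources in their JSON form against the binaryAuthorization settings and the Condition reason values documented above. The sample jobs, the project name and the finding codes are constructed for illustration; an absent useDefault is treated as False.

```python
import json

# Condition.reason values (from the Condition type above) that point at an
# image policy problem, mapped to finding codes made up for this example.
POLICY_REASONS = {
    "CONTAINER_IMAGE_UNAUTHORIZED": "IMAGE_REJECTED_BY_POLICY",
    "CONTAINER_IMAGE_AUTHORIZATION_CHECK_FAILED": "IMAGE_POLICY_CHECK_FAILED",
}

# Constructed resource name prefix, following the documented Job name format
# projects/{project}/locations/{location}/jobs/{job}.
PREFIX = "projects/example-project/locations/us-central1/jobs/"

# Constructed sample data: five Job resources reduced to the fields we audit.
SAMPLE_JOBS = json.loads("""
[
  {"name": "projects/example-project/locations/us-central1/jobs/nightly-report",
   "binaryAuthorization": {"useDefault": true},
   "terminalCondition": {"type": "Ready", "state": "CONDITION_SUCCEEDED"}},
  {"name": "projects/example-project/locations/us-central1/jobs/legacy-import"},
  {"name": "projects/example-project/locations/us-central1/jobs/hotfix-loader",
   "binaryAuthorization": {"useDefault": true,
                           "breakglassJustification": "constructed justification"}},
  {"name": "projects/example-project/locations/us-central1/jobs/blocked-job",
   "binaryAuthorization": {"useDefault": true},
   "terminalCondition": {"type": "Ready", "state": "CONDITION_FAILED",
                         "reason": "CONTAINER_IMAGE_UNAUTHORIZED"}},
  {"name": "projects/example-project/locations/us-central1/jobs/malformed",
   "binaryAuthorization": {"useDefault": false,
                           "breakglassJustification": "constructed justification"}}
]
""")


def audit_job(job):
    """Return the list of finding codes for one Job resource (a dict)."""
    codes = []
    binauthz = job.get("binaryAuthorization") or {}
    use_default = binauthz.get("useDefault") is True
    justification = (binauthz.get("breakglassJustification") or "").strip()

    if not use_default:
        # useDefault False (or absent): Binary Authorization is disabled.
        codes.append("BINAUTHZ_DISABLED")
        if justification:
            # The reference requires an empty justification in this case.
            codes.append("BREAKGLASS_WITHOUT_DEFAULT_POLICY")
    elif justification:
        # Policy is on, but this Job asks to bypass it via breakglass.
        codes.append("BREAKGLASS_IN_USE")

    # Look at both the sub-resource conditions and the terminal condition.
    conditions = list(job.get("conditions") or [])
    terminal = job.get("terminalCondition")
    if terminal:
        conditions.append(terminal)
    for cond in conditions:
        code = POLICY_REASONS.get(cond.get("reason"))
        if code and code not in codes:
            codes.append(code)
    return codes


def audit_jobs(jobs):
    """Map each Job name to its finding codes."""
    return {job.get("name", "<unnamed>"): audit_job(job) for job in jobs}


if __name__ == "__main__":
    for name, codes in audit_jobs(SAMPLE_JOBS).items():
        print(name.rsplit("/", 1)[-1], codes or ["OK"])
```
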
GoogleCloudRunV2ListExecutionsResponse
Response message containing a list of Executions.

Fields | |
---|---|
executions[] |
The resulting list of Executions. |
nextPageToken |
A token indicating there are more items than page_size. Use it in the next ListExecutions request to continue. |
GoogleCloudRunV2ListJobsResponse
Response message containing a list of Jobs.

Fields | |
---|---|
jobs[] |
The resulting list of Jobs. |
nextPageToken |
A token indicating there are more items than page_size. Use it in the next ListJobs request to continue. |
GoogleCloudRunV2ListRevisionsResponse
Response message containing a list of Revisions.

Fields | |
---|---|
nextPageToken |
A token indicating there are more items than page_size. Use it in the next ListRevisions request to continue. |
revisions[] |
The resulting list of Revisions. |
GoogleCloudRunV2ListServicesResponse
Response message containing a list of Services.

Fields | |
---|---|
nextPageToken |
A token indicating there are more items than page_size. Use it in the next ListServices request to continue. |
services[] |
The resulting list of Services. |
GoogleCloudRunV2ListTasksResponse
Response message containing a list of Tasks.

Fields | |
---|---|
nextPageToken |
A token indicating there are more items than page_size. Use it in the next ListTasks request to continue. |
tasks[] |
The resulting list of Tasks. |
GoogleCloudRunV2NetworkInterface
Direct VPC egress settings.

Fields | |
---|---|
network |
The VPC network that the Cloud Run resource will be able to send traffic to. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If network is not specified, it will be looked up from the subnetwork. |
subnetwork |
The VPC subnetwork that the Cloud Run resource will get IPs from. At least one of network or subnetwork must be specified. If both network and subnetwork are specified, the given VPC subnetwork must belong to the given VPC network. If subnetwork is not specified, the subnetwork with the same name as the network will be used. |
tags[] |
Network tags applied to this Cloud Run resource. |
GoogleCloudRunV2Probe
Probe describes a health check to be performed against a container to determine whether it is alive or ready to receive traffic.

Fields | |
---|---|
failureThreshold |
Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. |
grpc |
GRPC specifies an action involving a gRPC port. Exactly one of httpGet, tcpSocket, or grpc must be specified. |
httpGet |
HTTPGet specifies the http request to perform. Exactly one of httpGet, tcpSocket, or grpc must be specified. |
initialDelaySeconds |
Number of seconds after the container has started before the probe is initiated. Defaults to 0 seconds. Minimum value is 0. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. |
periodSeconds |
How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1. Maximum value for liveness probe is 3600. Maximum value for startup probe is 240. Must be greater than or equal to timeout_seconds. |
tcpSocket |
TCPSocket specifies an action involving a TCP port. Exactly one of httpGet, tcpSocket, or grpc must be specified. |
timeoutSeconds |
Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. Maximum value is 3600. Must be smaller than period_seconds. |
GoogleCloudRunV2ResourceRequirements
ResourceRequirements describes the compute resource requirements.

Fields | |
---|---|
cpuIdle |
Determines whether CPU should be throttled or not outside of requests. |
limits |
Only 'memory' and 'cpu' are supported. Notes: * The only supported values for CPU are '1', '2', '4', and '8'. Setting 4 CPU requires at least 2Gi of memory. For more information, go to https://cloud.google.com/run/docs/configuring/cpu. * For supported 'memory' values and syntax, go to https://cloud.google.com/run/docs/configuring/memory-limits |
startupCpuBoost |
Determines whether CPU should be boosted on startup of a new container instance above the requested CPU threshold; this can help reduce cold-start latency. |
GoogleCloudRunV2Revision
A Revision is an immutable snapshot of code and configuration. A Revision references a container image. Revisions are only created by updates to its parent Service.

Fields | |
---|---|
annotations |
Output only. Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. |
conditions[] |
Output only. The Condition of this Revision, containing its readiness status, and detailed error information in case it did not reach a serving state. |
containers[] |
Holds the single container that defines the unit of execution for this Revision. |
createTime |
Output only. The creation time. |
deleteTime |
Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request. |
encryptionKey |
A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek |
encryptionKeyRevocationAction |
The action to take if the encryption key is revoked. |
Enum type. Can be one of the following: | |
ENCRYPTION_KEY_REVOCATION_ACTION_UNSPECIFIED |
Unspecified |
PREVENT_NEW |
Prevents the creation of new instances. |
SHUTDOWN |
Shuts down existing instances, and prevents creation of new ones. |
encryptionKeyShutdownDuration |
If encryption_key_revocation_action is SHUTDOWN, the duration before shutting down all instances. The minimum increment is 1 hour. |
etag |
Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. |
executionEnvironment |
The execution environment being used to host this Revision. |
Enum type. Can be one of the following: | |
EXECUTION_ENVIRONMENT_UNSPECIFIED |
Unspecified |
EXECUTION_ENVIRONMENT_GEN1 |
Uses the First Generation environment. |
EXECUTION_ENVIRONMENT_GEN2 |
Uses Second Generation environment. |
expireTime |
Output only. For a deleted resource, the time after which it will be permanently deleted. It is only populated as a response to a Delete request. |
generation |
Output only. A number that monotonically increases every time the user modifies the desired state. |
labels |
Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. |
launchStage |
The least stable launch stage needed to create this resource, as defined by Google Cloud Platform Launch Stages. Cloud Run supports |
Enum type. Can be one of the following: | |
LAUNCH_STAGE_UNSPECIFIED |
Do not use this default value. |
UNIMPLEMENTED |
The feature is not yet implemented. Users can not use it. |
PRELAUNCH |
Prelaunch features are hidden from users and are only visible internally. |
EARLY_ACCESS |
Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released. |
ALPHA |
Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases. |
BETA |
Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases. |
GA |
GA features are open to all developers and are considered stable and fully qualified for production use. |
DEPRECATED |
Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation. |
logUri |
Output only. The Google Console URI to obtain logs for the Revision. |
maxInstanceRequestConcurrency |
Sets the maximum number of requests that each serving instance can receive. |
name |
Output only. The unique name of this Revision. |
observedGeneration |
Output only. The generation of this Revision currently serving traffic. See comments in |
reconciling |
Output only. Indicates whether the resource's reconciliation is still in progress. See comments in |
satisfiesPzs |
Output only. Reserved for future use. |
scaling |
Scaling settings for this revision. |
service |
Output only. The name of the parent service. |
serviceAccount |
Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. |
sessionAffinity |
Enable session affinity. |
timeout |
Max allowed time for an instance to respond to a request. |
uid |
Output only. Server assigned unique identifier for the Revision. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. |
updateTime |
Output only. The last-modified time. |
volumes[] |
A list of Volumes to make available to containers. |
vpcAccess |
VPC Access configuration for this Revision. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. |
GoogleCloudRunV2RevisionScaling
Settings for revision-level scaling.
Fields | |
---|---|
maxInstanceCount |
Maximum number of serving instances that this resource should have. |
minInstanceCount |
Minimum number of serving instances that this resource should have. |
GoogleCloudRunV2RevisionTemplate
RevisionTemplate describes the data a revision should have when created from a template.
Fields | |
---|---|
annotations |
Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with
containers[] |
Holds the single container that defines the unit of execution for this Revision. |
encryptionKey |
A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek |
executionEnvironment |
The sandbox environment to host this Revision. |
Enum type. Can be one of the following: | |
EXECUTION_ENVIRONMENT_UNSPECIFIED |
Unspecified |
EXECUTION_ENVIRONMENT_GEN1 |
Uses the First Generation environment. |
EXECUTION_ENVIRONMENT_GEN2 |
Uses Second Generation environment. |
labels |
Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with |
maxInstanceRequestConcurrency |
Sets the maximum number of requests that each serving instance can receive. |
revision |
The unique name for the revision. If this field is omitted, it will be automatically generated based on the Service name. |
scaling |
Scaling settings for this Revision. |
serviceAccount |
Email address of the IAM service account associated with the revision of the service. The service account represents the identity of the running revision, and determines what permissions the revision has. If not provided, the revision will use the project's default service account. |
sessionAffinity |
Enable session affinity. |
timeout |
Max allowed time for an instance to respond to a request. |
volumes[] |
A list of Volumes to make available to containers. |
vpcAccess |
VPC Access configuration to use for this Revision. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. |
GoogleCloudRunV2RunJobRequest
Request message to create a new Execution of a Job.
Fields | |
---|---|
etag |
A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. |
validateOnly |
Indicates that the request should be validated without actually deleting any resources. |
GoogleCloudRunV2SecretKeySelector
SecretEnvVarSource represents a source for the value of an EnvVar.
Fields | |
---|---|
secret |
Required. The name of the secret in Cloud Secret Manager. Format: {secret_name} if the secret is in the same project. projects/{project}/secrets/{secret_name} if the secret is in a different project. |
version |
The Cloud Secret Manager secret version. Can be 'latest' for the latest version, an integer for a specific version, or a version alias. |
GoogleCloudRunV2SecretVolumeSource
The secret's value will be presented as the content of a file whose name is defined in the item path. If no items are defined, the name of the file is the secret.
Fields | |
---|---|
defaultMode |
Integer representation of mode bits to use on created files by default. Must be a value between 0000 and 0777 (octal), defaulting to 0444. Directories within the path are not affected by this setting. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and as a result, other mode bits could be set. |
items[] |
If unspecified, the volume will expose a file whose name is the secret, relative to VolumeMount.mount_path. If specified, the key will be used as the version to fetch from Cloud Secret Manager and the path will be the name of the file exposed in the volume. When items are defined, they must specify a path and a version. |
secret |
Required. The name of the secret in Cloud Secret Manager. Format: {secret} if the secret is in the same project. projects/{project}/secrets/{secret} if the secret is in a different project. |
GoogleCloudRunV2Service
Service acts as a top-level container that manages a set of configurations and revision templates which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership.
Fields | |
---|---|
annotations |
Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. Cloud Run API v2 does not support annotations with
binaryAuthorization |
Settings for the Binary Authorization feature. |
client |
Arbitrary identifier for the API client. |
clientVersion |
Arbitrary version identifier for the API client. |
conditions[] |
Output only. The Conditions of all other associated sub-resources. They contain additional diagnostics information in case the Service does not reach its Serving state. See comments in |
createTime |
Output only. The creation time. |
creator |
Output only. Email address of the authenticated creator. |
customAudiences[] |
One or more custom audiences that you want this service to support. Specify each custom audience as the full URL in a string. The custom audiences are encoded in the token and used to authenticate requests. For more information, see https://cloud.google.com/run/docs/configuring/custom-audiences. |
deleteTime |
Output only. The deletion time. |
description |
User-provided description of the Service. This field currently has a 512-character limit. |
etag |
Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. |
expireTime |
Output only. For a deleted resource, the time after which it will be permanently deleted. |
generation |
Output only. A number that monotonically increases every time the user modifies the desired state. Please note that unlike v1, this is an int64 value. As with most Google APIs, its JSON representation will be a |
ingress |
Provides the ingress settings for this Service. On output, returns the currently observed ingress settings, or INGRESS_TRAFFIC_UNSPECIFIED if no revision is active. |
Enum type. Can be one of the following: | |
INGRESS_TRAFFIC_UNSPECIFIED |
Unspecified |
INGRESS_TRAFFIC_ALL |
All inbound traffic is allowed. |
INGRESS_TRAFFIC_INTERNAL_ONLY |
Only internal traffic is allowed. |
INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER |
Both internal and Google Cloud Load Balancer traffic is allowed. |
labels |
Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels. Cloud Run API v2 does not support labels with |
lastModifier |
Output only. Email address of the last authenticated modifier. |
latestCreatedRevision |
Output only. Name of the last created revision. See comments in |
latestReadyRevision |
Output only. Name of the latest revision that is serving traffic. See comments in |
launchStage |
The launch stage as defined by Google Cloud Platform Launch Stages. Cloud Run supports |
Enum type. Can be one of the following: | |
LAUNCH_STAGE_UNSPECIFIED |
Do not use this default value. |
UNIMPLEMENTED |
The feature is not yet implemented. Users can not use it. |
PRELAUNCH |
Prelaunch features are hidden from users and are only visible internally. |
EARLY_ACCESS |
Early Access features are limited to a closed group of testers. To use these features, you must sign up in advance and sign a Trusted Tester agreement (which includes confidentiality provisions). These features may be unstable, changed in backward-incompatible ways, and are not guaranteed to be released. |
ALPHA |
Alpha is a limited availability test for releases before they are cleared for widespread use. By Alpha, all significant design issues are resolved and we are in the process of verifying functionality. Alpha customers need to apply for access, agree to applicable terms, and have their projects allowlisted. Alpha releases don't have to be feature complete, no SLAs are provided, and there are no technical support obligations, but they will be far enough along that customers can actually use them in test environments or for limited-use tests -- just like they would in normal production cases. |
BETA |
Beta is the point at which we are ready to open a release for any customer to use. There are no SLA or technical support obligations in a Beta release. Products will be complete from a feature perspective, but may have some open outstanding issues. Beta releases are suitable for limited production use cases. |
GA |
GA features are open to all developers and are considered stable and fully qualified for production use. |
DEPRECATED |
Deprecated features are scheduled to be shut down and removed. For more information, see the "Deprecation Policy" section of our Terms of Service and the Google Cloud Platform Subject to the Deprecation Policy documentation. |
name |
The fully qualified name of this Service. In CreateServiceRequest, this field is ignored, and instead composed from CreateServiceRequest.parent and CreateServiceRequest.service_id. Format: projects/{project}/locations/{location}/services/{service_id} |
observedGeneration |
Output only. The generation of this Service currently serving traffic. See comments in |
reconciling |
Output only. Returns true if the Service is currently being acted upon by the system to bring it into the desired state. When a new Service is created, or an existing one is updated, Cloud Run will asynchronously perform all necessary steps to bring the Service to the desired serving state. This process is called reconciliation. While reconciliation is in process, |
satisfiesPzs |
Output only. Reserved for future use. |
template |
Required. The template used to create revisions for this Service. |
terminalCondition |
Output only. The Condition of this Service, containing its readiness status, and detailed error information in case it did not reach a serving state. See comments in |
traffic[] |
Specifies how to distribute traffic over a collection of Revisions belonging to the Service. If traffic is empty or not provided, defaults to 100% traffic to the latest |
trafficStatuses[] |
Output only. Detailed status information for corresponding traffic targets. See comments in |
trafficTagsCleanupThreshold |
Optional. Override the traffic tag threshold limit. Garbage collection will start cleaning up non-serving tagged traffic targets based on creation item. The default value is 2000. |
uid |
Output only. Server assigned unique identifier for the trigger. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. |
updateTime |
Output only. The last-modified time. |
uri |
Output only. The main URI in which this Service is serving traffic. |
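The Service and RevisionTemplate fields above decide who can reach a service, which identity it runs as, and which image and secret versions it trusts. The following is an added example, not part of the API reference or of any Google client library: a small reviewer that reads a Service in its JSON form and lists the settings this page documents as permissive. The function name, the choice of which settings to report, and the sample values are assumptions made for illustration.

```python
import json

# Constructed sample in the JSON shape of GoogleCloudRunV2Service; every value is made up.
SAMPLE_SERVICE = json.loads("""
{
  "name": "projects/example-project/locations/us-central1/services/example-svc",
  "ingress": "INGRESS_TRAFFIC_ALL",
  "binaryAuthorization": {"useDefault": false},
  "template": {
    "vpcAccess": {
      "connector": "projects/example-project/locations/us-central1/connectors/example-conn"
    },
    "volumes": [
      {"name": "api-key",
       "secret": {"secret": "example-api-key",
                  "items": [{"path": "key.txt", "version": "latest"}]}},
      {"name": "tls",
       "secret": {"secret": "example-tls-cert",
                  "items": [{"path": "cert.pem", "version": "7"}]}}
    ]
  }
}
""")


def review_service(service):
    """Return (field, note) pairs for settings that deserve a second look.

    Each note restates what this reference says the setting does; treating it
    as a review item is this example's choice, not an API rule.
    """
    findings = []
    template = service.get("template") or {}

    # ingress: INGRESS_TRAFFIC_ALL admits all inbound traffic.
    if service.get("ingress") == "INGRESS_TRAFFIC_ALL":
        findings.append(("ingress", "all inbound traffic is allowed"))

    # binaryAuthorization.useDefault: False (or absent) disables the feature.
    binauthz = service.get("binaryAuthorization") or {}
    if not binauthz.get("useDefault"):
        findings.append(("binaryAuthorization.useDefault",
                         "Binary Authorization is disabled"))
    if binauthz.get("breakglassJustification"):
        findings.append(("binaryAuthorization.breakglassJustification",
                         "breakglass is in use: " + binauthz["breakglassJustification"]))

    # serviceAccount: when omitted, the project's default service account is used.
    if not template.get("serviceAccount"):
        findings.append(("template.serviceAccount",
                         "revision runs as the project's default service account"))

    # encryptionKey: reference to a customer managed encryption key (CMEK).
    if not template.get("encryptionKey"):
        findings.append(("template.encryptionKey", "no CMEK is referenced"))

    # vpcAccess.egress: defaults to PRIVATE_RANGES_ONLY when not provided.
    vpc = template.get("vpcAccess")
    if vpc is not None:
        egress = vpc.get("egress") or "PRIVATE_RANGES_ONLY"
        if egress == "VPC_EGRESS_UNSPECIFIED":
            egress = "PRIVATE_RANGES_ONLY"
        if egress != "ALL_TRAFFIC":
            findings.append(("template.vpcAccess.egress",
                             "only private IP ranges are routed through the VPC connector"))

    # Secret volumes: 'latest' follows whatever version is newest at start-up.
    for i, volume in enumerate(template.get("volumes") or []):
        secret = volume.get("secret")
        if not secret:
            continue
        for j, item in enumerate(secret.get("items") or []):
            if item.get("version") == "latest":
                findings.append((f"template.volumes[{i}].secret.items[{j}].version",
                                 f"secret {secret.get('secret')} is not pinned to a version"))
    return findings


if __name__ == "__main__":
    for field, note in review_service(SAMPLE_SERVICE):
        print(f"{field}: {note}")
```
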
GoogleCloudRunV2TCPSocketAction
TCPSocketAction describes an action based on opening a socket.
Fields | |
---|---|
port |
Port number to access on the container. Must be in the range 1 to 65535. If not specified, defaults to the exposed port of the container, which is the value of container.ports[0].containerPort. |
GoogleCloudRunV2Task
Task represents a single run of a container to completion.
Fields | |
---|---|
annotations |
Output only. Unstructured key value map that may be set by external tools to store arbitrary metadata. They are not queryable and should be preserved when modifying objects. |
completionTime |
Output only. Represents time when the Task was completed. It is not guaranteed to be set in happens-before order across separate operations. |
conditions[] |
Output only. The Condition of this Task, containing its readiness status, and detailed error information in case it did not reach the desired state. |
containers[] |
Holds the single container that defines the unit of execution for this task. |
createTime |
Output only. Represents time when the task was created by the system. It is not guaranteed to be set in happens-before order across separate operations. |
deleteTime |
Output only. For a deleted resource, the deletion time. It is only populated as a response to a Delete request. |
encryptionKey |
Output only. A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek |
etag |
Output only. A system-generated fingerprint for this version of the resource. May be used to detect modification conflict during updates. |
execution |
Output only. The name of the parent Execution. |
executionEnvironment |
The execution environment being used to host this Task. |
Enum type. Can be one of the following: | |
EXECUTION_ENVIRONMENT_UNSPECIFIED |
Unspecified |
EXECUTION_ENVIRONMENT_GEN1 |
Uses the First Generation environment. |
EXECUTION_ENVIRONMENT_GEN2 |
Uses Second Generation environment. |
expireTime |
Output only. For a deleted resource, the time after which it will be permanently deleted. It is only populated as a response to a Delete request. |
generation |
Output only. A number that monotonically increases every time the user modifies the desired state. |
index |
Output only. Index of the Task, unique per execution, and beginning at 0. |
job |
Output only. The name of the parent Job. |
labels |
Output only. Unstructured key value map that can be used to organize and categorize objects. User-provided labels are shared with Google's billing system, so they can be used to filter, or break down billing charges by team, component, environment, state, etc. For more information, visit https://cloud.google.com/resource-manager/docs/creating-managing-labels or https://cloud.google.com/run/docs/configuring/labels |
lastAttemptResult |
Output only. Result of the last attempt of this Task. |
logUri |
Output only. URI where logs for this execution can be found in Cloud Console. |
maxRetries |
Number of retries allowed per Task, before marking this Task failed. |
name |
Output only. The unique name of this Task. |
observedGeneration |
Output only. The generation of this Task. See comments in |
reconciling |
Output only. Indicates whether the resource's reconciliation is still in progress. See comments in |
retried |
Output only. The number of times this Task was retried. Tasks are retried when they fail up to the maxRetries limit. |
satisfiesPzs |
Output only. Reserved for future use. |
scheduledTime |
Output only. Represents time when the task was scheduled to run by the system. It is not guaranteed to be set in happens-before order across separate operations. |
serviceAccount |
Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account. |
startTime |
Output only. Represents time when the task started to run. It is not guaranteed to be set in happens-before order across separate operations. |
timeout |
Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. |
uid |
Output only. Server assigned unique identifier for the Task. The value is a UUID4 string and guaranteed to remain unchanged until the resource is deleted. |
updateTime |
Output only. The last-modified time. |
volumes[] |
A list of Volumes to make available to containers. |
vpcAccess |
Output only. VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. |
GoogleCloudRunV2TaskAttemptResult
Result of a task attempt.
Fields | |
---|---|
exitCode |
Output only. The exit code of this attempt. This may be unset if the container was unable to exit cleanly with a code due to some other failure. See status field for possible failure details. |
status |
Output only. The status of this attempt. If the status code is OK, then the attempt succeeded. |
GoogleCloudRunV2TaskTemplate
TaskTemplate describes the data a task should have when created from a template.
Fields | |
---|---|
containers[] |
Holds the single container that defines the unit of execution for this task. |
encryptionKey |
A reference to a customer managed encryption key (CMEK) to use to encrypt this container image. For more information, go to https://cloud.google.com/run/docs/securing/using-cmek |
executionEnvironment |
The execution environment being used to host this Task. |
Enum type. Can be one of the following: | |
EXECUTION_ENVIRONMENT_UNSPECIFIED |
Unspecified |
EXECUTION_ENVIRONMENT_GEN1 |
Uses the First Generation environment. |
EXECUTION_ENVIRONMENT_GEN2 |
Uses Second Generation environment. |
maxRetries |
Number of retries allowed per Task, before marking this Task failed. Defaults to 3. |
serviceAccount |
Email address of the IAM service account associated with the Task of a Job. The service account represents the identity of the running task, and determines what permissions the task has. If not provided, the task will use the project's default service account. |
timeout |
Max allowed time duration the Task may be active before the system will actively try to mark it failed and kill associated containers. This applies per attempt of a task, meaning each retry can run for the full timeout. Defaults to 600 seconds. |
volumes[] |
A list of Volumes to make available to containers. |
vpcAccess |
VPC Access configuration to use for this Task. For more information, visit https://cloud.google.com/run/docs/configuring/connecting-vpc. |
GoogleCloudRunV2TrafficTarget
Holds a single traffic routing entry for the Service. Allocations can be done to a specific Revision name, or pointing to the latest Ready Revision.
Fields | |
---|---|
percent |
Specifies percent of the traffic to this Revision. This defaults to zero if unspecified. |
revision |
Revision to which to send this portion of traffic, if traffic allocation is by revision. |
tag |
Indicates a string to be part of the URI to exclusively reference this target. |
type |
The allocation type for this traffic target. |
Enum type. Can be one of the following: | |
TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED |
Unspecified instance allocation type. |
TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST |
Allocates instances to the Service's latest ready Revision. |
TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION |
Allocates instances to a Revision by name. |
GoogleCloudRunV2TrafficTargetStatus
Represents the observed state of a single TrafficTarget entry.
Fields | |
---|---|
percent |
Specifies percent of the traffic to this Revision. |
revision |
Revision to which this traffic is sent. |
tag |
Indicates the string used in the URI to exclusively reference this target. |
type |
The allocation type for this traffic target. |
Enum type. Can be one of the following: | |
TRAFFIC_TARGET_ALLOCATION_TYPE_UNSPECIFIED |
Unspecified instance allocation type. |
TRAFFIC_TARGET_ALLOCATION_TYPE_LATEST |
Allocates instances to the Service's latest ready Revision. |
TRAFFIC_TARGET_ALLOCATION_TYPE_REVISION |
Allocates instances to a Revision by name. |
uri |
Displays the target URI. |
GoogleCloudRunV2VersionToPath
VersionToPath maps a specific version of a secret to a relative file to mount to, relative to VolumeMount's mount_path.
Fields | |
---|---|
mode |
Integer octal mode bits to use on this file, must be a value between 01 and 0777 (octal). If 0 or not set, the Volume's default mode will be used. Notes * Internally, a umask of 0222 will be applied to any non-zero value. * This is an integer representation of the mode bits. So, the octal integer value should look exactly as the chmod numeric notation with a leading zero. Some examples: for chmod 777 (a=rwx), set to 0777 (octal) or 511 (base-10). For chmod 640 (u=rw,g=r), set to 0640 (octal) or 416 (base-10). For chmod 755 (u=rwx,g=rx,o=rx), set to 0755 (octal) or 493 (base-10). * This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. |
path |
Required. The relative path of the secret in the container. |
version |
The Cloud Secret Manager secret version. Can be 'latest' for the latest value, or an integer or a secret alias for a specific version. |
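The notes on SecretVolumeSource.defaultMode and VersionToPath.mode describe three rules that interact: an item's mode overrides the volume default unless it is 0 or unset, the default is 0444, and a umask of 0222 is applied to any non-zero value. The following added example (not from the API reference) resolves the mode a mounted secret file ends up with, taking the base-10 integers that appear in JSON as input. The function names and sample values are assumptions, as is treating a defaultMode of 0 the same as an unset one.

```python
import stat

UMASK = 0o222          # applied internally to any non-zero value, per the notes above
FALLBACK_MODE = 0o444  # documented default for defaultMode


def effective_mode(default_mode=None, item_mode=None):
    """Resolve the mode bits of one secret file.

    Arguments are plain integers as they appear in JSON (416 is octal 0640).
    Assumption of this example: a defaultMode of 0 is treated as unset.
    """
    for field, value in (("defaultMode", default_mode), ("mode", item_mode)):
        if value is not None and not 0 <= value <= 0o777:
            raise ValueError(f"{field}={value} is outside 0000-0777 (octal)")
    # VersionToPath.mode of 0 or unset falls back to the volume's default mode.
    requested = item_mode or default_mode or FALLBACK_MODE
    return requested & ~UMASK


def format_mode(mode):
    """Render mode bits as 'octal ls-style', e.g. '0440 -r--r-----'."""
    return f"{mode:04o} {stat.filemode(stat.S_IFREG | mode)}"


def secret_file_modes(secret_source):
    """Map each file exposed by a SecretVolumeSource to its effective mode."""
    default_mode = secret_source.get("defaultMode")
    items = secret_source.get("items") or []
    if not items:
        # With no items, a single file named after the secret is exposed.
        return {secret_source["secret"]: format_mode(effective_mode(default_mode))}
    return {
        item["path"]: format_mode(effective_mode(default_mode, item.get("mode")))
        for item in items
    }


def readable_by_other(mode):
    """True when users outside the owner and group can read the file."""
    return bool(mode & stat.S_IROTH)


# Constructed sample: defaultMode 416 is octal 0640, item mode 511 is octal 0777.
SAMPLE_SECRET_VOLUME = {
    "secret": "example-db-password",
    "defaultMode": 416,
    "items": [
        {"path": "password", "version": "3"},
        {"path": "debug-copy", "version": "3", "mode": 511},
    ],
}

if __name__ == "__main__":
    for path, mode in secret_file_modes(SAMPLE_SECRET_VOLUME).items():
        print(path, mode)
```

Because the umask removes every write bit, a requested 0640 is mounted as 0440, and a requested 0777 as 0555, which is still readable by every user in the container.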
GoogleCloudRunV2Volume
Volume represents a named volume in a container.
Fields | |
---|---|
cloudSqlInstance |
For Cloud SQL volumes, contains the specific instances that should be mounted. Visit https://cloud.google.com/sql/docs/mysql/connect-run for more information on how to connect Cloud SQL and Cloud Run. |
emptyDir |
Ephemeral storage used as a shared volume. |
name |
Required. Volume's name. |
secret |
Secret represents a secret that should populate this volume. |
GoogleCloudRunV2VolumeMount
VolumeMount describes a mounting of a Volume within a container.
Fields | |
---|---|
mountPath |
Required. Path within the container at which the volume should be mounted. Must not contain ':'. For Cloud SQL volumes, it can be left empty, or must otherwise be |
name |
Required. This must match the Name of a Volume. |
GoogleCloudRunV2VpcAccess
VPC Access settings. For more information on sending traffic to a VPC network, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.
Fields | |
---|---|
connector |
VPC Access connector name. Format: projects/{project}/locations/{location}/connectors/{connector}, where {project} can be project id or number. For more information on sending traffic to a VPC network via a connector, visit https://cloud.google.com/run/docs/configuring/vpc-connectors. |
egress |
Traffic VPC egress settings. If not provided, it defaults to PRIVATE_RANGES_ONLY. |
Enum type. Can be one of the following: | |
VPC_EGRESS_UNSPECIFIED |
Unspecified |
ALL_TRAFFIC |
All outbound traffic is routed through the VPC connector. |
PRIVATE_RANGES_ONLY |
Only private IP ranges are routed through the VPC connector. |
networkInterfaces[] |
Direct VPC egress settings. Currently only single network interface is supported. |
GoogleIamV1AuditConfig
Specifies the audit configuration for a service. The configuration determines which permission types are logged, and what identities, if any, are exempted from logging. An AuditConfig must have one or more AuditLogConfigs. If there are AuditConfigs for both allServices and a specific service, the union of the two AuditConfigs is used for that service: the log_types specified in each AuditConfig are enabled, and the exempted_members in each AuditLogConfig are exempted. Example Policy with multiple AuditConfigs:

```json
{
  "audit_configs": [
    {
      "service": "allServices",
      "audit_log_configs": [
        { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] },
        { "log_type": "DATA_WRITE" },
        { "log_type": "ADMIN_READ" }
      ]
    },
    {
      "service": "sampleservice.googleapis.com",
      "audit_log_configs": [
        { "log_type": "DATA_READ" },
        { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] }
      ]
    }
  ]
}
```

For sampleservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ logging. It also exempts jose@example.com from DATA_READ logging, and aliya@example.com from DATA_WRITE logging.
Fields | |
---|---|
auditLogConfigs[] |
The configuration for logging of each type of permission. |
service |
Specifies a service that will be enabled for audit logging. For example, |
GoogleIamV1AuditLogConfig
Provides the configuration for logging a type of permissions. Example:

```json
{
  "audit_log_configs": [
    { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] },
    { "log_type": "DATA_WRITE" }
  ]
}
```

This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting jose@example.com from DATA_READ logging.
Fields | |
---|---|
exemptedMembers[] |
Specifies the identities that do not cause logging for this type of permission. Follows the same format of Binding.members. |
logType |
The log type that this config enables. |
Enum type. Can be one of the following: | |
LOG_TYPE_UNSPECIFIED |
Default case. Should never be this. |
ADMIN_READ |
Admin reads. Example: CloudIAM getIamPolicy |
DATA_WRITE |
Data writes. Example: CloudSQL Users create |
DATA_READ |
Data reads. Example: CloudSQL Users list |
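The union rule stated for AuditConfig, together with the per-type exemptions of AuditLogConfig, decides what is actually recorded for a given service. The following added example (not part of the API reference or of any Google library) computes that effective configuration and reports log types that are not enabled and members that are exempted. The function names, the list of log types checked, and the second service name used in the demo are assumptions; the input policy is the AuditConfig example from this page.

```python
import json

# The example policy from the AuditConfig description on this page.
PAGE_POLICY = json.loads("""
{
  "audit_configs": [
    {
      "service": "allServices",
      "audit_log_configs": [
        { "log_type": "DATA_READ", "exempted_members": [ "user:jose@example.com" ] },
        { "log_type": "DATA_WRITE" },
        { "log_type": "ADMIN_READ" }
      ]
    },
    {
      "service": "sampleservice.googleapis.com",
      "audit_log_configs": [
        { "log_type": "DATA_READ" },
        { "log_type": "DATA_WRITE", "exempted_members": [ "user:aliya@example.com" ] }
      ]
    }
  ]
}
""")

# The three log types listed in the logType enum (LOG_TYPE_UNSPECIFIED excluded).
CHECKED_LOG_TYPES = ("ADMIN_READ", "DATA_READ", "DATA_WRITE")


def _field(obj, snake, camel):
    """Read a field under either spelling: the page's example policy uses
    snake_case keys, while its field tables use camelCase."""
    return obj.get(snake, obj.get(camel))


def effective_audit_logging(policy, service):
    """Return {log_type: [exempted members]} in effect for `service`.

    Applies the union rule: configs for allServices and for the named
    service both contribute log types and exempted members.
    """
    effective = {}
    for config in _field(policy, "audit_configs", "auditConfigs") or []:
        if config.get("service") not in ("allServices", service):
            continue
        for log_config in _field(config, "audit_log_configs", "auditLogConfigs") or []:
            log_type = _field(log_config, "log_type", "logType")
            exempt = _field(log_config, "exempted_members", "exemptedMembers") or []
            effective.setdefault(log_type, set()).update(exempt)
    return {log_type: sorted(members) for log_type, members in effective.items()}


def audit_gaps(policy, service, checked=CHECKED_LOG_TYPES):
    """Summarize what a reviewer would ask about: log types that are not
    enabled for the service, and members whose activity is not logged."""
    effective = effective_audit_logging(policy, service)
    return {
        "not_logged": [t for t in checked if t not in effective],
        "exempted": {t: m for t, m in effective.items() if m},
    }


if __name__ == "__main__":
    # "run.googleapis.com" is used here only as a second service name for the demo.
    for svc in ("sampleservice.googleapis.com", "run.googleapis.com"):
        print(svc, audit_gaps(PAGE_POLICY, svc))
```
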
GoogleIamV1Binding
Associates members, or principals, with a role.
Fields | |
---|---|
condition |
The condition that is associated with this binding. If the condition evaluates to |
members[] |
Specifies the principals requesting access for a Google Cloud resource. |
role |
Role that is assigned to the list of |
GoogleIamV1Policy
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the IAM documentation.

JSON example:

```json
{
  "bindings": [
    {
      "role": "roles/resourcemanager.organizationAdmin",
      "members": [
        "user:mike@example.com",
        "group:admins@example.com",
        "domain:google.com",
        "serviceAccount:my-project-id@appspot.gserviceaccount.com"
      ]
    },
    {
      "role": "roles/resourcemanager.organizationViewer",
      "members": [ "user:eve@example.com" ],
      "condition": {
        "title": "expirable access",
        "description": "Does not grant access after Sep 2020",
        "expression": "request.time < timestamp('2020-10-01T00:00:00.000Z')"
      }
    }
  ],
  "etag": "BwWWja0YfJA=",
  "version": 3
}
```

YAML example:

```yaml
bindings:
- members:
  - user:mike@example.com
  - group:admins@example.com
  - domain:google.com
  - serviceAccount:my-project-id@appspot.gserviceaccount.com
  role: roles/resourcemanager.organizationAdmin
- members:
  - user:eve@example.com
  role: roles/resourcemanager.organizationViewer
  condition:
    title: expirable access
    description: Does not grant access after Sep 2020
    expression: request.time < timestamp('2020-10-01T00:00:00.000Z')
etag: BwWWja0YfJA=
version: 3
```

For a description of IAM and its features, see the IAM documentation.
Fields | |
---|---|
auditConfigs[] |
Specifies cloud audit logging configuration for this policy. |
bindings[] |
Associates a list of |
etag |
|
version |
Specifies the format of the policy. Valid values are |
GoogleIamV1SetIamPolicyRequest
Request message for SetIamPolicy method.
Fields | |
---|---|
policy |
REQUIRED: The complete policy to be applied to the |
updateMask |
OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only the fields in the mask will be modified. If no mask is provided, the following default mask is used: |
GoogleIamV1TestIamPermissionsRequest
Request message for TestIamPermissions method.
Fields | |
---|---|
permissions[] |
The set of permissions to check for the |
GoogleIamV1TestIamPermissionsResponse
Response message for TestIamPermissions method.
Fields | |
---|---|
permissions[] |
A subset of |
GoogleLongrunningListOperationsResponse
The response message for Operations.ListOperations.
Fields | |
---|---|
nextPageToken |
The standard List next-page token. |
operations[] |
A list of operations that matches the specified filter in the request. |
GoogleLongrunningOperation
This resource represents a long-running operation that is the result of a network API call.
Fields | |
---|---|
done |
If the value is |
error |
The error result of the operation in case of failure or cancellation. |
metadata |
Service-specific metadata associated with the operation. It typically contains progress information and common metadata such as create time. Some services might not provide such metadata. Any method that returns a long-running operation should document the metadata type, if any. |
name |
The server-assigned name, which is only unique within the same service that originally returns it. If you use the default HTTP mapping, the |
response |
The normal, successful response of the operation. If the original method returns no data on success, such as |
GoogleLongrunningWaitOperationRequest
The request message for Operations.WaitOperation.
Fields | |
---|---|
timeout |
The maximum duration to wait before timing out. If left blank, the wait will be at most the time permitted by the underlying HTTP/RPC protocol. If RPC context deadline is also specified, the shorter one will be used. |
GoogleRpcStatus
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
Fields | |
---|---|
code |
The status code, which should be an enum value of google.rpc.Code. |
details[] |
A list of messages that carry the error details. There is a common set of message types for APIs to use. |
message |
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the google.rpc.Status.details field, or localized by the client. |
GoogleTypeExpr
Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):
    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):
    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):
    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):
    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.
Fields | |
---|---|
description |
Optional. Description of the expression. This is a longer text which describes the expression, e.g. when it is hovered over in a UI. |
expression |
Textual representation of an expression in Common Expression Language syntax. |
location |
Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file. |
title |
Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow entering the expression. |