1// Copyright 2023 Google LLC 2// 3// Licensed under the Apache License, Version 2.0 (the "License"); 4// you may not use this file except in compliance with the License. 5// You may obtain a copy of the License at 6// 7// http://www.apache.org/licenses/LICENSE-2.0 8// 9// Unless required by applicable law or agreed to in writing, software 10// distributed under the License is distributed on an "AS IS" BASIS, 11// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12// See the License for the specific language governing permissions and 13// limitations under the License. 14 15syntax = "proto3"; 16 17package google.cloud.aiplatform.v1; 18 19import "google/api/field_behavior.proto"; 20import "google/api/resource.proto"; 21import "google/cloud/aiplatform/v1/encryption_spec.proto"; 22import "google/cloud/aiplatform/v1/machine_resources.proto"; 23import "google/cloud/aiplatform/v1/service_networking.proto"; 24import "google/protobuf/timestamp.proto"; 25 26option csharp_namespace = "Google.Cloud.AIPlatform.V1"; 27option go_package = "cloud.google.com/go/aiplatform/apiv1/aiplatformpb;aiplatformpb"; 28option java_multiple_files = true; 29option java_outer_classname = "IndexEndpointProto"; 30option java_package = "com.google.cloud.aiplatform.v1"; 31option php_namespace = "Google\\Cloud\\AIPlatform\\V1"; 32option ruby_package = "Google::Cloud::AIPlatform::V1"; 33 34// Indexes are deployed into it. An IndexEndpoint can have multiple 35// DeployedIndexes. 36message IndexEndpoint { 37 option (google.api.resource) = { 38 type: "aiplatform.googleapis.com/IndexEndpoint" 39 pattern: "projects/{project}/locations/{location}/indexEndpoints/{index_endpoint}" 40 }; 41 42 // Output only. The resource name of the IndexEndpoint. 43 string name = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 44 45 // Required. The display name of the IndexEndpoint. 46 // The name can be up to 128 characters long and can consist of any UTF-8 47 // characters. 48 string display_name = 2 [(google.api.field_behavior) = REQUIRED]; 49 50 // The description of the IndexEndpoint. 51 string description = 3; 52 53 // Output only. The indexes deployed in this endpoint. 54 repeated DeployedIndex deployed_indexes = 4 55 [(google.api.field_behavior) = OUTPUT_ONLY]; 56 57 // Used to perform consistent read-modify-write updates. If not set, a blind 58 // "overwrite" update happens. 59 string etag = 5; 60 61 // The labels with user-defined metadata to organize your IndexEndpoints. 62 // 63 // Label keys and values can be no longer than 64 characters 64 // (Unicode codepoints), can only contain lowercase letters, numeric 65 // characters, underscores and dashes. International characters are allowed. 66 // 67 // See https://goo.gl/xmQnxf for more information and examples of labels. 68 map<string, string> labels = 6; 69 70 // Output only. Timestamp when this IndexEndpoint was created. 71 google.protobuf.Timestamp create_time = 7 72 [(google.api.field_behavior) = OUTPUT_ONLY]; 73 74 // Output only. Timestamp when this IndexEndpoint was last updated. 75 // This timestamp is not updated when the endpoint's DeployedIndexes are 76 // updated, e.g. due to updates of the original Indexes they are the 77 // deployments of. 78 google.protobuf.Timestamp update_time = 8 79 [(google.api.field_behavior) = OUTPUT_ONLY]; 80 81 // Optional. The full name of the Google Compute Engine 82 // [network](https://cloud.google.com/compute/docs/networks-and-firewalls#networks) 83 // to which the IndexEndpoint should be peered. 84 // 85 // Private services access must already be configured for the network. If left 86 // unspecified, the Endpoint is not peered with any network. 87 // 88 // [network][google.cloud.aiplatform.v1.IndexEndpoint.network] and 89 // [private_service_connect_config][google.cloud.aiplatform.v1.IndexEndpoint.private_service_connect_config] 90 // are mutually exclusive. 91 // 92 // [Format](https://cloud.google.com/compute/docs/reference/rest/v1/networks/insert): 93 // `projects/{project}/global/networks/{network}`. 94 // Where {project} is a project number, as in '12345', and {network} is 95 // network name. 96 string network = 9 [(google.api.field_behavior) = OPTIONAL]; 97 98 // Optional. Deprecated: If true, expose the IndexEndpoint via private service 99 // connect. 100 // 101 // Only one of the fields, 102 // [network][google.cloud.aiplatform.v1.IndexEndpoint.network] or 103 // [enable_private_service_connect][google.cloud.aiplatform.v1.IndexEndpoint.enable_private_service_connect], 104 // can be set. 105 bool enable_private_service_connect = 10 106 [deprecated = true, (google.api.field_behavior) = OPTIONAL]; 107 108 // Optional. Configuration for private service connect. 109 // 110 // [network][google.cloud.aiplatform.v1.IndexEndpoint.network] and 111 // [private_service_connect_config][google.cloud.aiplatform.v1.IndexEndpoint.private_service_connect_config] 112 // are mutually exclusive. 113 PrivateServiceConnectConfig private_service_connect_config = 12 114 [(google.api.field_behavior) = OPTIONAL]; 115 116 // Optional. If true, the deployed index will be accessible through public 117 // endpoint. 118 bool public_endpoint_enabled = 13 [(google.api.field_behavior) = OPTIONAL]; 119 120 // Output only. If 121 // [public_endpoint_enabled][google.cloud.aiplatform.v1.IndexEndpoint.public_endpoint_enabled] 122 // is true, this field will be populated with the domain name to use for this 123 // index endpoint. 124 string public_endpoint_domain_name = 14 125 [(google.api.field_behavior) = OUTPUT_ONLY]; 126 127 // Immutable. Customer-managed encryption key spec for an IndexEndpoint. If 128 // set, this IndexEndpoint and all sub-resources of this IndexEndpoint will be 129 // secured by this key. 130 EncryptionSpec encryption_spec = 15 [(google.api.field_behavior) = IMMUTABLE]; 131} 132 133// A deployment of an Index. IndexEndpoints contain one or more DeployedIndexes. 134message DeployedIndex { 135 // Required. The user specified ID of the DeployedIndex. 136 // The ID can be up to 128 characters long and must start with a letter and 137 // only contain letters, numbers, and underscores. 138 // The ID must be unique within the project it is created in. 139 string id = 1 [(google.api.field_behavior) = REQUIRED]; 140 141 // Required. The name of the Index this is the deployment of. 142 // We may refer to this Index as the DeployedIndex's "original" Index. 143 string index = 2 [ 144 (google.api.field_behavior) = REQUIRED, 145 (google.api.resource_reference) = { 146 type: "aiplatform.googleapis.com/Index" 147 } 148 ]; 149 150 // The display name of the DeployedIndex. If not provided upon creation, 151 // the Index's display_name is used. 152 string display_name = 3; 153 154 // Output only. Timestamp when the DeployedIndex was created. 155 google.protobuf.Timestamp create_time = 4 156 [(google.api.field_behavior) = OUTPUT_ONLY]; 157 158 // Output only. Provides paths for users to send requests directly to the 159 // deployed index services running on Cloud via private services access. This 160 // field is populated if 161 // [network][google.cloud.aiplatform.v1.IndexEndpoint.network] is configured. 162 IndexPrivateEndpoints private_endpoints = 5 163 [(google.api.field_behavior) = OUTPUT_ONLY]; 164 165 // Output only. The DeployedIndex may depend on various data on its original 166 // Index. Additionally when certain changes to the original Index are being 167 // done (e.g. when what the Index contains is being changed) the DeployedIndex 168 // may be asynchronously updated in the background to reflect these changes. 169 // If this timestamp's value is at least the 170 // [Index.update_time][google.cloud.aiplatform.v1.Index.update_time] of the 171 // original Index, it means that this DeployedIndex and the original Index are 172 // in sync. If this timestamp is older, then to see which updates this 173 // DeployedIndex already contains (and which it does not), one must 174 // [list][google.longrunning.Operations.ListOperations] the operations that 175 // are running on the original Index. Only the successfully completed 176 // Operations with 177 // [update_time][google.cloud.aiplatform.v1.GenericOperationMetadata.update_time] 178 // equal or before this sync time are contained in this DeployedIndex. 179 google.protobuf.Timestamp index_sync_time = 6 180 [(google.api.field_behavior) = OUTPUT_ONLY]; 181 182 // Optional. A description of resources that the DeployedIndex uses, which to 183 // large degree are decided by Vertex AI, and optionally allows only a modest 184 // additional configuration. 185 // If min_replica_count is not set, the default value is 2 (we don't provide 186 // SLA when min_replica_count=1). If max_replica_count is not set, the 187 // default value is min_replica_count. The max allowed replica count is 188 // 1000. 189 AutomaticResources automatic_resources = 7 190 [(google.api.field_behavior) = OPTIONAL]; 191 192 // Optional. A description of resources that are dedicated to the 193 // DeployedIndex, and that need a higher degree of manual configuration. The 194 // field min_replica_count must be set to a value strictly greater than 0, or 195 // else validation will fail. We don't provide SLA when min_replica_count=1. 196 // If max_replica_count is not set, the default value is min_replica_count. 197 // The max allowed replica count is 1000. 198 // 199 // Available machine types for SMALL shard: 200 // e2-standard-2 and all machine types available for MEDIUM and LARGE shard. 201 // 202 // Available machine types for MEDIUM shard: 203 // e2-standard-16 and all machine types available for LARGE shard. 204 // 205 // Available machine types for LARGE shard: 206 // e2-highmem-16, n2d-standard-32. 207 // 208 // n1-standard-16 and n1-standard-32 are still available, but we recommend 209 // e2-standard-16 and e2-highmem-16 for cost efficiency. 210 DedicatedResources dedicated_resources = 16 211 [(google.api.field_behavior) = OPTIONAL]; 212 213 // Optional. If true, private endpoint's access logs are sent to Cloud 214 // Logging. 215 // 216 // These logs are like standard server access logs, containing 217 // information like timestamp and latency for each MatchRequest. 218 // 219 // Note that logs may incur a cost, especially if the deployed 220 // index receives a high queries per second rate (QPS). 221 // Estimate your costs before enabling this option. 222 bool enable_access_logging = 8 [(google.api.field_behavior) = OPTIONAL]; 223 224 // Optional. If set, the authentication is enabled for the private endpoint. 225 DeployedIndexAuthConfig deployed_index_auth_config = 9 226 [(google.api.field_behavior) = OPTIONAL]; 227 228 // Optional. A list of reserved ip ranges under the VPC network that can be 229 // used for this DeployedIndex. 230 // 231 // If set, we will deploy the index within the provided ip ranges. Otherwise, 232 // the index might be deployed to any ip ranges under the provided VPC 233 // network. 234 // 235 // The value should be the name of the address 236 // (https://cloud.google.com/compute/docs/reference/rest/v1/addresses) 237 // Example: ['vertex-ai-ip-range']. 238 // 239 // For more information about subnets and network IP ranges, please see 240 // https://cloud.google.com/vpc/docs/subnets#manually_created_subnet_ip_ranges. 241 repeated string reserved_ip_ranges = 10 242 [(google.api.field_behavior) = OPTIONAL]; 243 244 // Optional. The deployment group can be no longer than 64 characters (eg: 245 // 'test', 'prod'). If not set, we will use the 'default' deployment group. 246 // 247 // Creating `deployment_groups` with `reserved_ip_ranges` is a recommended 248 // practice when the peered network has multiple peering ranges. This creates 249 // your deployments from predictable IP spaces for easier traffic 250 // administration. Also, one deployment_group (except 'default') can only be 251 // used with the same reserved_ip_ranges which means if the deployment_group 252 // has been used with reserved_ip_ranges: [a, b, c], using it with [a, b] or 253 // [d, e] is disallowed. 254 // 255 // Note: we only support up to 5 deployment groups(not including 'default'). 256 string deployment_group = 11 [(google.api.field_behavior) = OPTIONAL]; 257} 258 259// Used to set up the auth on the DeployedIndex's private endpoint. 260message DeployedIndexAuthConfig { 261 // Configuration for an authentication provider, including support for 262 // [JSON Web Token 263 // (JWT)](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32). 264 message AuthProvider { 265 // The list of JWT 266 // [audiences](https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-32#section-4.1.3). 267 // that are allowed to access. A JWT containing any of these audiences will 268 // be accepted. 269 repeated string audiences = 1; 270 271 // A list of allowed JWT issuers. Each entry must be a valid Google 272 // service account, in the following format: 273 // 274 // `[email protected]` 275 repeated string allowed_issuers = 2; 276 } 277 278 // Defines the authentication provider that the DeployedIndex uses. 279 AuthProvider auth_provider = 1; 280} 281 282// IndexPrivateEndpoints proto is used to provide paths for users to send 283// requests via private endpoints (e.g. private service access, private service 284// connect). 285// To send request via private service access, use match_grpc_address. 286// To send request via private service connect, use service_attachment. 287message IndexPrivateEndpoints { 288 // Output only. The ip address used to send match gRPC requests. 289 string match_grpc_address = 1 [(google.api.field_behavior) = OUTPUT_ONLY]; 290 291 // Output only. The name of the service attachment resource. Populated if 292 // private service connect is enabled. 293 string service_attachment = 2 [(google.api.field_behavior) = OUTPUT_ONLY]; 294 295 // Output only. PscAutomatedEndpoints is populated if private service connect 296 // is enabled if PscAutomatedConfig is set. 297 repeated PscAutomatedEndpoints psc_automated_endpoints = 3 298 [(google.api.field_behavior) = OUTPUT_ONLY]; 299} 300