// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.networkmanagement.v1;

import "google/api/field_behavior.proto";
import "google/api/resource.proto";
import "google/cloud/networkmanagement/v1/trace.proto";
import "google/protobuf/timestamp.proto";
import "google/rpc/status.proto";

option csharp_namespace = "Google.Cloud.NetworkManagement.V1";
option go_package = "cloud.google.com/go/networkmanagement/apiv1/networkmanagementpb;networkmanagementpb";
option java_multiple_files = true;
option java_outer_classname = "TestOuterClass";
option java_package = "com.google.cloud.networkmanagement.v1";
option php_namespace = "Google\\Cloud\\NetworkManagement\\V1";
option ruby_package = "Google::Cloud::NetworkManagement::V1";

// A Connectivity Test for a network reachability analysis.
//
// The message carries both the caller-supplied test definition (source,
// destination, protocol, options) and the server-populated results of the
// latest run (the fields marked "Output only").
message ConnectivityTest {
  option (google.api.resource) = {
    type: "networkmanagement.googleapis.com/ConnectivityTest"
    pattern: "projects/{project}/locations/global/connectivityTests/{test}"
  };

  // NOTE(review): field numbers 9, 13, 15 and 16 are not used in this message
  // and no `reserved` statement covers them. Whether an earlier revision used
  // them is not visible in this file; confirm before assigning any of them.

  // Required. Unique name of the resource using the form:
  //     `projects/{project_id}/locations/global/connectivityTests/{test_id}`
  string name = 1 [(google.api.field_behavior) = REQUIRED];

  // The user-supplied description of the Connectivity Test.
  // Maximum of 512 characters.
  string description = 2;

  // Required. Source specification of the Connectivity Test.
  //
  // You can use a combination of source IP address, virtual machine
  // (VM) instance, or Compute Engine network to uniquely identify
  // the source location.
  //
  // Examples:
  // If the source IP address is an internal IP address within a Google Cloud
  // Virtual Private Cloud (VPC) network, then you must also specify the VPC
  // network. Otherwise, specify the VM instance, which already contains its
  // internal IP address and VPC network information.
  //
  // If the source of the test is within an on-premises network, then you must
  // provide the destination VPC network.
  //
  // If the source endpoint is a Compute Engine VM instance with multiple
  // network interfaces, the instance itself is not sufficient to identify the
  // endpoint. So, you must also specify the source IP address or VPC network.
  //
  // A reachability analysis proceeds even if the source location is
  // ambiguous. However, the test result may include endpoints that you don't
  // intend to test.
  Endpoint source = 3 [(google.api.field_behavior) = REQUIRED];

  // Required. Destination specification of the Connectivity Test.
  //
  // You can use a combination of destination IP address, Compute Engine
  // VM instance, or VPC network to uniquely identify the destination
  // location.
  //
  // Even if the destination IP address is not unique, the source IP
  // location is unique. Usually, the analysis can infer the destination
  // endpoint from route information.
  //
  // If the destination you specify is a VM instance and the instance has
  // multiple network interfaces, then you must also specify either
  // a destination IP address or VPC network to identify the destination
  // interface.
  //
  // A reachability analysis proceeds even if the destination location is
  // ambiguous. However, the result can include endpoints that you don't
  // intend to test.
  Endpoint destination = 4 [(google.api.field_behavior) = REQUIRED];

  // IP Protocol of the test. When not provided, "TCP" is assumed.
  //
  // NOTE(review): this is a free-form string rather than an enum, and the
  // accepted values other than "TCP" are not listed in this file.
  string protocol = 5;

  // Other projects that may be relevant for reachability analysis.
  // This is applicable to scenarios where a test can cross project boundaries.
  //
  // NOTE(review): how access to the listed projects is authorized is not
  // described here. The ReachabilityDetails.Result comments state that missing
  // permission on resources in a trace affects the reported result.
  repeated string related_projects = 6;

  // Output only. The display name of a Connectivity Test.
  string display_name = 7 [(google.api.field_behavior) = OUTPUT_ONLY];

  // Resource labels to represent user-provided metadata.
  map<string, string> labels = 8;

  // Output only. The time the test was created.
  google.protobuf.Timestamp create_time = 10
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The time the test's configuration was updated.
  google.protobuf.Timestamp update_time = 11
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The reachability details of this test from the latest run.
  // The details are updated when creating a new test, updating an
  // existing test, or triggering a one-time rerun of an existing test.
  ReachabilityDetails reachability_details = 12
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. The probing details of this test from the latest run, present
  // for applicable tests only. The details are updated when creating a new
  // test, updating an existing test, or triggering a one-time rerun of an
  // existing test.
  ProbingDetails probing_details = 14
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Whether the test should skip firewall checking.
  // If not provided, we assume false.
  //
  // NOTE(review): when this is true the result presumably says nothing about
  // whether firewall rules would permit the traffic. Confirm the exact
  // semantics before treating such a result as evidence of firewall posture.
  bool bypass_firewall_checks = 17;
}

// Source or destination of the Connectivity Test.
//
// Fields are declared below in the order used by the original file, which is
// not field-number order.
message Endpoint {
  // NOTE(review): field number 9 is not used in this message and no `reserved`
  // statement covers it. Whether an earlier revision used it is not visible in
  // this file; confirm before assigning it.

  // The type definition of an endpoint's network. Use one of the
  // following choices:
  enum NetworkType {
    // Default type if unspecified.
    NETWORK_TYPE_UNSPECIFIED = 0;

    // A network hosted within Google Cloud.
    // To receive more detailed output, specify the URI for the source or
    // destination network.
    GCP_NETWORK = 1;

    // A network hosted outside of Google Cloud.
    // This can be an on-premises network, or a network hosted by another cloud
    // provider.
    NON_GCP_NETWORK = 2;
  }

  // Type of the target of a forwarding rule.
  enum ForwardingRuleTarget {
    // Forwarding rule target is unknown.
    FORWARDING_RULE_TARGET_UNSPECIFIED = 0;

    // Compute Engine instance for protocol forwarding.
    INSTANCE = 1;

    // Load Balancer. The specific type can be found from [load_balancer_type]
    // [google.cloud.networkmanagement.v1.Endpoint.load_balancer_type].
    LOAD_BALANCER = 2;

    // Classic Cloud VPN Gateway.
    VPN_GATEWAY = 3;

    // Forwarding Rule is a Private Service Connect endpoint.
    PSC = 4;
  }

  // Wrapper for Cloud Function attributes.
  message CloudFunctionEndpoint {
    // A [Cloud Function](https://cloud.google.com/functions) name.
    string uri = 1;
  }

  // Wrapper for the App Engine service version attributes.
  message AppEngineVersionEndpoint {
    // An [App Engine](https://cloud.google.com/appengine) [service
    // version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions)
    // name.
    string uri = 1;
  }

  // Wrapper for Cloud Run revision attributes.
  message CloudRunRevisionEndpoint {
    // A [Cloud Run](https://cloud.google.com/run)
    // [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get)
    // URI. The format is:
    // projects/{project}/locations/{location}/revisions/{revision}
    string uri = 1;
  }

  // The IP address of the endpoint, which can be an external or internal IP.
  //
  // NOTE(review): carried as a string; the accepted textual forms are not
  // specified in this file.
  string ip_address = 1;

  // The IP protocol port of the endpoint.
  // Only applicable when protocol is TCP or UDP.
  //
  // NOTE(review): int32 admits negative values and values above 65535; any
  // range check is not expressed in this schema.
  int32 port = 2;

  // A Compute Engine instance URI.
  string instance = 3;

  // A forwarding rule and its corresponding IP address represent the frontend
  // configuration of a Google Cloud load balancer. Forwarding rules are also
  // used for protocol forwarding, Private Service Connect and other network
  // services to provide forwarding information in the control plane. Format:
  //  projects/{project}/global/forwardingRules/{id} or
  //  projects/{project}/regions/{region}/forwardingRules/{id}
  string forwarding_rule = 13;

  // Output only. Specifies the type of the target of the forwarding rule.
  optional ForwardingRuleTarget forwarding_rule_target = 14
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. ID of the load balancer the forwarding rule points to. Empty
  // for forwarding rules not related to load balancers.
  optional string load_balancer_id = 15
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // Output only. Type of the load balancer the forwarding rule points to.
  //
  // NOTE(review): LoadBalancerType is not defined in this file; presumably it
  // comes from the imported trace.proto.
  optional LoadBalancerType load_balancer_type = 16
      [(google.api.field_behavior) = OUTPUT_ONLY];

  // A cluster URI for [Google Kubernetes Engine
  // master](https://cloud.google.com/kubernetes-engine/docs/concepts/cluster-architecture).
  string gke_master_cluster = 7;

  // A [Cloud SQL](https://cloud.google.com/sql) instance URI.
  string cloud_sql_instance = 8;

  // A [Cloud Function](https://cloud.google.com/functions).
  CloudFunctionEndpoint cloud_function = 10;

  // An [App Engine](https://cloud.google.com/appengine) [service
  // version](https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.services.versions).
  AppEngineVersionEndpoint app_engine_version = 11;

  // A [Cloud Run](https://cloud.google.com/run)
  // [revision](https://cloud.google.com/run/docs/reference/rest/v1/namespaces.revisions/get)
  CloudRunRevisionEndpoint cloud_run_revision = 12;

  // A Compute Engine network URI.
  string network = 4;

  // Type of the network where the endpoint is located.
  // Applicable only to source endpoint, as destination network type can be
  // inferred from the source.
  NetworkType network_type = 5;

  // Project ID where the endpoint is located.
  // The Project ID can be derived from the URI if you provide a VM instance or
  // network URI.
  // The following are two cases where you must provide the project ID:
  // 1. Only the IP address is specified, and the IP address is within a Google
  // Cloud project.
  // 2. When you are using Shared VPC and the IP address that you provide is
  // from the service project. In this case, the network that the IP address
  // resides in is defined in the host project.
  string project_id = 6;
}

// Results of the configuration analysis from the last run of the test.
message ReachabilityDetails {
  // NOTE(review): enum value 3 of Result and field number 4 of this message
  // are not used and no `reserved` statement covers them. Whether an earlier
  // revision used them is not visible in this file; confirm before assigning
  // either.

  // The overall result of the test's configuration analysis.
  enum Result {
    // No result was specified.
    RESULT_UNSPECIFIED = 0;

    // Possible scenarios are:
    //
    // * The configuration analysis determined that a packet originating from
    //   the source is expected to reach the destination.
    // * The analysis didn't complete because the user lacks permission for
    //   some of the resources in the trace. However, at the time the user's
    //   permission became insufficient, the trace had been successful so far.
    //
    // NOTE(review): per the second scenario, REACHABLE can be reported for an
    // analysis that stopped early, so this value alone does not establish that
    // the whole path was analysed.
    REACHABLE = 1;

    // A packet originating from the source is expected to be dropped before
    // reaching the destination.
    UNREACHABLE = 2;

    // The source and destination endpoints do not uniquely identify
    // the test location in the network, and the reachability result contains
    // multiple traces. For some traces, a packet could be delivered, and for
    // others, it would not be. This result is also assigned to
    // configuration analysis of return path if on its own it should be
    // REACHABLE, but configuration analysis of forward path is AMBIGUOUS.
    AMBIGUOUS = 4;

    // The configuration analysis did not complete. Possible reasons are:
    //
    // * A permissions error occurred--for example, the user might not have
    //   read permission for all of the resources named in the test.
    // * An internal error occurred.
    // * The analyzer received an invalid or unsupported argument or was unable
    //   to identify a known endpoint.
    UNDETERMINED = 5;
  }

  // The overall result of the test's configuration analysis.
  Result result = 1;

  // The time of the configuration analysis.
  google.protobuf.Timestamp verify_time = 2;

  // The details of a failure or a cancellation of reachability analysis.
  google.rpc.Status error = 3;

  // Result may contain a list of traces if a test has multiple possible
  // paths in the network, such as when destination endpoint is a load balancer
  // with multiple backends.
  //
  // NOTE(review): Trace is not defined in this file; presumably it comes from
  // the imported trace.proto.
  repeated Trace traces = 5;
}

// Latency percentile rank and value.
message LatencyPercentile {
  // Percentage of samples this data point applies to.
  int32 percent = 1;

  // percent-th percentile of latency observed, in microseconds.
  // Fraction of percent/100 of samples have latency lower or
  // equal to the value of this field.
  int64 latency_micros = 2;
}

// Describes measured latency distribution.
message LatencyDistribution {
  // Representative latency percentiles.
  repeated LatencyPercentile latency_percentiles = 1;
}

// Results of active probing from the last run of the test.
message ProbingDetails {
  // Overall probing result of the test.
  //
  // REACHABLE, UNREACHABLE and UNDETERMINED are also value names in
  // ReachabilityDetails.Result. The two enums are nested in different
  // messages and their numeric values differ (UNDETERMINED is 4 here and 5
  // there).
  enum ProbingResult {
    // No result was specified.
    PROBING_RESULT_UNSPECIFIED = 0;

    // At least 95% of packets reached the destination.
    REACHABLE = 1;

    // No packets reached the destination.
    UNREACHABLE = 2;

    // Less than 95% of packets reached the destination.
    //
    // NOTE(review): read literally this also covers the "no packets" case
    // described for UNREACHABLE; presumably it means some, but fewer than
    // 95%, of the packets arrived. Confirm.
    REACHABILITY_INCONSISTENT = 3;

    // Reachability could not be determined. Possible reasons are:
    // * The user lacks permission to access some of the network resources
    //   required to run the test.
    // * No valid source endpoint could be derived from the request.
    // * An internal error occurred.
    UNDETERMINED = 4;
  }

  // Abort cause types.
  enum ProbingAbortCause {
    // No reason was specified.
    PROBING_ABORT_CAUSE_UNSPECIFIED = 0;

    // The user lacks permission to access some of the
    // network resources required to run the test.
    PERMISSION_DENIED = 1;

    // No valid source endpoint could be derived from the request.
    NO_SOURCE_LOCATION = 2;
  }

  // Representation of a network edge location as per
  // https://cloud.google.com/vpc/docs/edge-locations.
  message EdgeLocation {
    // Name of the metropolitan area.
    string metropolitan_area = 1;
  }

  // The overall result of active probing.
  ProbingResult result = 1;

  // The time that reachability was assessed through active probing.
  google.protobuf.Timestamp verify_time = 2;

  // Details about an internal failure or the cancellation of active probing.
  google.rpc.Status error = 3;

  // The reason probing was aborted.
  ProbingAbortCause abort_cause = 4;

  // Number of probes sent.
  int32 sent_probe_count = 5;

  // Number of probes that reached the destination.
  int32 successful_probe_count = 6;

  // The source and destination endpoints derived from the test input and used
  // for active probing.
  //
  // NOTE(review): EndpointInfo is not defined in this file; presumably it
  // comes from the imported trace.proto.
  EndpointInfo endpoint_info = 7;

  // Latency as measured by active probing in one direction:
  // from the source to the destination endpoint.
  LatencyDistribution probing_latency = 8;

  // The EdgeLocation from which a packet destined for/originating from the
  // internet will egress/ingress the Google network.
  // This will only be populated for a connectivity test which has an internet
  // destination/source address.
  // The absence of this field *must not* be used as an indication that the
  // destination/source is part of the Google network.
  EdgeLocation destination_egress_location = 9;
}