xref: /aosp_15_r20/external/googleapis/google/cloud/run/v2/vendor_settings.proto (revision d5c09012810ac0c9f33fe448fb6da8260d444cc9)
// Copyright 2023 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

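syntax = "proto3";

package google.cloud.run.v2;

// Provides the google.api.resource_reference field option used on
// VpcAccess.connector.
import "google/api/resource.proto";

option go_package = "cloud.google.com/go/run/apiv2/runpb;runpb";
option java_multiple_files = true;
option java_outer_classname = "VendorSettingsProto";
option java_package = "com.google.cloud.run.v2";
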
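// VPC Access settings. For more information on sending traffic to a VPC
// network, visit https://cloud.google.com/run/docs/configuring/connecting-vpc.
//
// The egress field decides how much outbound traffic is routed through the
// VPC; review it together with connector and network_interfaces when auditing
// where a workload can send data.
message VpcAccess {
  // Egress options for VPC access.
  //
  // ALL_TRAFFIC and PRIVATE_RANGES_ONLY carry no enum-name prefix. They are
  // scoped to VpcAccess and belong to the published API, so they are left
  // unchanged.
  enum VpcEgress {
    // Unspecified. The egress field documents that a value that is not
    // provided defaults to PRIVATE_RANGES_ONLY.
    VPC_EGRESS_UNSPECIFIED = 0;

    // All outbound traffic is routed through the VPC connector.
    ALL_TRAFFIC = 1;

    // Only private IP ranges are routed through the VPC connector. Traffic to
    // any other destination is not routed through the connector.
    // NOTE(review): egress controls enforced inside the VPC presumably do not
    // apply to that traffic; confirm before relying on them.
    PRIVATE_RANGES_ONLY = 2;
  }

  // Direct VPC egress settings.
  message NetworkInterface {
    // The VPC network that the Cloud Run resource will be able to send traffic
    // to. At least one of network or subnetwork must be specified. If both
    // network and subnetwork are specified, the given VPC subnetwork must
    // belong to the given VPC network. If network is not specified, it will be
    // looked up from the subnetwork.
    string network = 1;

    // The VPC subnetwork that the Cloud Run resource will get IPs from. At
    // least one of network or subnetwork must be specified. If both
    // network and subnetwork are specified, the given VPC subnetwork must
    // belong to the given VPC network. If subnetwork is not specified, the
    // subnetwork with the same name as the network will be used.
    string subnetwork = 2;

    // Network tags applied to this Cloud Run resource.
    // NOTE(review): network tags are commonly used to select which VPC
    // firewall rules apply, so a change here may change the resource's
    // effective network policy; confirm against the firewall configuration.
    repeated string tags = 3;
  }

  // VPC Access connector name.
  // Format: projects/{project}/locations/{location}/connectors/{connector},
  // where {project} can be project id or number.
  // For more information on sending traffic to a VPC network via a connector,
  // visit https://cloud.google.com/run/docs/configuring/vpc-connectors.
  string connector = 1 [(google.api.resource_reference) = {
    type: "vpcaccess.googleapis.com/Connector"
  }];

  // Traffic VPC egress settings. If not provided, it defaults to
  // PRIVATE_RANGES_ONLY.
  //
  // An unset field therefore does not mean ALL_TRAFFIC. Set ALL_TRAFFIC
  // explicitly when every outbound connection is expected to traverse the
  // VPC.
  VpcEgress egress = 2;

  // Direct VPC egress settings. Currently only a single network interface is
  // supported, even though the field is repeated.
  repeated NetworkInterface network_interfaces = 3;
}
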
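// Settings for Binary Authorization feature.
//
// Both fields can weaken image-policy enforcement: use_default = false
// disables Binary Authorization, and breakglass_justification requests a
// breakglass deployment.
message BinaryAuthorization {
  // Selects how the Binary Authorization policy is chosen. use_default is the
  // only member declared in this file.
  oneof binauthz_method {
    // If True, indicates to use the default project's binary authorization
    // policy. If False, binary authorization will be disabled.
    //
    // As a oneof member this field has explicit presence, so an explicit
    // false can be told apart from an absent field. What an absent field
    // means is not stated in this file.
    bool use_default = 1;
  }

  // If present, indicates to use Breakglass using this justification.
  // If use_default is False, then it must be empty.
  // For more information on breakglass, see
  // https://cloud.google.com/binary-authorization/docs/using-breakglass
  //
  // The value is free text from the caller; this schema places no constraint
  // on its content or length.
  // NOTE(review): breakglass overrides policy enforcement for the deployment.
  // Treat any request that sets this field as a reviewable event and confirm
  // how it is recorded (see the linked documentation).
  string breakglass_justification = 2;
}
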
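// Settings for revision-level scaling.
//
// Both counts are plain proto3 int32 fields without explicit presence, so an
// unset field and an explicit 0 are indistinguishable on the wire. How the
// service interprets 0 is not stated in this file.
message RevisionScaling {
  // Minimum number of serving instances that this resource should have.
  int32 min_instance_count = 1;

  // Maximum number of serving instances that this resource should have.
  // NOTE(review): the schema does not enforce a non-negative value or
  // min_instance_count <= max_instance_count; presumably the server
  // validates both. Confirm before treating this field as a hard cap on
  // scale-out.
  int32 max_instance_count = 2;
}
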
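// Allowed ingress traffic for the Container.
//
// The values describe which sources of inbound traffic are allowed. Nothing
// in this enum describes authentication or authorization of requests; those
// are configured elsewhere.
enum IngressTraffic {
  // Unspecified. The effective behavior for this value is not stated in this
  // file; set an explicit value where the exposure of the service matters.
  INGRESS_TRAFFIC_UNSPECIFIED = 0;

  // All inbound traffic is allowed. This is the least restrictive value.
  INGRESS_TRAFFIC_ALL = 1;

  // Only internal traffic is allowed.
  INGRESS_TRAFFIC_INTERNAL_ONLY = 2;

  // Both internal and Google Cloud Load Balancer traffic is allowed.
  INGRESS_TRAFFIC_INTERNAL_LOAD_BALANCER = 3;
}
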
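// Alternatives for execution environments.
enum ExecutionEnvironment {
  // Unspecified. Which environment is used in this case is not stated in
  // this file.
  EXECUTION_ENVIRONMENT_UNSPECIFIED = 0;

  // Uses the First Generation environment.
  EXECUTION_ENVIRONMENT_GEN1 = 1;

  // Uses the Second Generation environment.
  EXECUTION_ENVIRONMENT_GEN2 = 2;
}
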
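// Specifies behavior if an encryption key used by a resource is revoked.
//
// PREVENT_NEW and SHUTDOWN carry no enum-name prefix. They belong to the
// published API, so they are left unchanged.
enum EncryptionKeyRevocationAction {
  // Unspecified. The action taken for this value is not stated in this file.
  ENCRYPTION_KEY_REVOCATION_ACTION_UNSPECIFIED = 0;

  // Prevents the creation of new instances.
  // NOTE(review): unlike SHUTDOWN, this value is not described as stopping
  // instances that already exist, so instances started before the revocation
  // may keep serving; confirm before relying on revocation as a kill switch.
  PREVENT_NEW = 1;

  // Shuts down existing instances, and prevents creation of new ones.
  SHUTDOWN = 2;
}
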
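// Scaling settings applied at the service level rather than
// at the revision level.
message ServiceScaling {
  // Total minimum number of instances for the service. This number of
  // instances is divided among all revisions with specified traffic based on
  // the percent of traffic they are receiving. (BETA)
  //
  // This is a plain proto3 int32 without explicit presence, so an unset field
  // and an explicit 0 are indistinguishable on the wire.
  int32 min_instance_count = 1;
}
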