feat: Add PrivateServiceConnect option to WorkerPool

Google APIs · copybara-github · commit 48d30c4966ef · 2024-10-26T00:31:58.000-07:00
PiperOrigin-RevId: 690046730
diff --git a/google/devtools/cloudbuild/v1/cloudbuild.proto b/google/devtools/cloudbuild/v1/cloudbuild.proto
@@ -67,6 +67,10 @@ option (google.api.resource_definition) = {
   type: "pubsub.googleapis.com/Topic"
   pattern: "projects/{project}/topics/{topic}"
 };
+option (google.api.resource_definition) = {
+  type: "compute.googleapis.com/NetworkAttachment"
+  pattern: "projects/{project}/regions/{region}/networkAttachments/{networkattachment}"
+};
 option (google.api.resource_definition) = {
   type: "cloudbuild.googleapis.com/Repository"
   pattern: "projects/{project}/locations/{location}/connections/{connection}/repositories/{repository}"
@@ -2583,11 +2587,54 @@ message PrivatePoolV1Config {
         [(google.api.field_behavior) = IMMUTABLE];
   }
 
+  // Defines the Private Service Connect network configuration for the pool.
+  message PrivateServiceConnect {
+    // Required. Immutable. The network attachment that the worker network
+    // interface is peered to. Must be in the format
+    // `projects/{project}/regions/{region}/networkAttachments/{networkAttachment}`.
+    // The region of network attachment must be the same as the worker pool.
+    // See [Network
+    // Attachments](https://cloud.google.com/vpc/docs/about-network-attachments)
+    string network_attachment = 1 [
+      (google.api.field_behavior) = IMMUTABLE,
+      (google.api.field_behavior) = REQUIRED,
+      (google.api.resource_reference) = {
+        type: "compute.googleapis.com/NetworkAttachment"
+      }
+    ];
+
+    // Required. Immutable. Disable public IP on the primary network interface.
+    //
+    // If true, workers are created without any public address, which prevents
+    // network egress to public IPs unless a network proxy is configured.
+    // If false, workers are created with a public address which allows for
+    // public internet egress. The public address only applies to traffic
+    // through the primary network interface.
+    // If `route_all_traffic` is set to true, all traffic will go through the
+    // non-primary network interface, this boolean has no effect.
+    bool public_ip_address_disabled = 2 [
+      (google.api.field_behavior) = REQUIRED,
+      (google.api.field_behavior) = IMMUTABLE
+    ];
+
+    // Immutable. Route all traffic through PSC interface. Enable this if you
+    // want full control of traffic in the private pool. Configure Cloud NAT for
+    // the subnet of network attachment if you need to access public Internet.
+    //
+    // If false, Only route private IPs, e.g. 10.0.0.0/8, 172.16.0.0/12, and
+    // 192.168.0.0/16 through PSC interface.
+    bool route_all_traffic = 3 [(google.api.field_behavior) = IMMUTABLE];
+  }
+
   // Machine configuration for the workers in the pool.
   WorkerConfig worker_config = 1;
 
   // Network configuration for the pool.
   NetworkConfig network_config = 2;
+
+  // Immutable. Private Service Connect(PSC) Network configuration for the pool.
+  PrivateServiceConnect private_service_connect = 5
+      [(google.api.field_behavior) = IMMUTABLE];
 }
 
 // Request to create a new `WorkerPool`.
