googleapis
diff --git a/‎protos/google/cloud/gkehub/v1/configmanagement/configmanagement.proto‎
Lines changed: 383 additions & 0 deletions b/‎protos/google/cloud/gkehub/v1/configmanagement/configmanagement.proto‎
Lines changed: 383 additions & 0 deletions
@@ -0,0 +1,383 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.gkehub.configmanagement.v1;
+
+import "google/protobuf/timestamp.proto";
+import "google/api/annotations.proto";
+
+option csharp_namespace = "Google.Cloud.GkeHub.ConfigManagement.V1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/gkehub/configmanagement/v1;configmanagement";
+option java_multiple_files = true;
+option java_outer_classname = "ConfigManagementProto";
+option java_package = "com.google.cloud.gkehub.configmanagement.v1";
+option php_namespace = "Google\\Cloud\\GkeHub\\ConfigManagement\\V1";
+option ruby_package = "Google::Cloud::GkeHub::ConfigManagement::V1";
+
+// Enum representing the state of an ACM's deployment on a cluster
+enum DeploymentState {
+  // Deployment's state cannot be determined
+  DEPLOYMENT_STATE_UNSPECIFIED = 0;
+
+  // Deployment is not installed
+  NOT_INSTALLED = 1;
+
+  // Deployment is installed
+  INSTALLED = 2;
+
+  // Deployment was attempted to be installed, but has errors
+  ERROR = 3;
+}
+
+// **Anthos Config Management**: State for a single cluster.
+message MembershipState {
+  // The user-defined name for the cluster used by ClusterSelectors to group
+  // clusters together. This should match Membership's membership_name,
+  // unless the user installed ACM on the cluster manually prior to enabling
+  // the ACM hub feature.
+  // Unique within a Anthos Config Management installation.
+  string cluster_name = 1;
+
+  // Membership configuration in the cluster. This represents the actual state
+  // in the cluster, while the MembershipSpec in the FeatureSpec represents
+  // the intended state
+  MembershipSpec membership_spec = 2;
+
+  // Current install status of ACM's Operator
+  OperatorState operator_state = 3;
+
+  // Current sync status
+  ConfigSyncState config_sync_state = 4;
+
+  // PolicyController status
+  PolicyControllerState policy_controller_state = 5;
+
+  // Hierarchy Controller status
+  HierarchyControllerState hierarchy_controller_state = 7;
+}
+
+// **Anthos Config Management**: Configuration for a single cluster.
+// Intended to parallel the ConfigManagement CR.
+message MembershipSpec {
+  // Config Sync configuration for the cluster.
+  ConfigSync config_sync = 1;
+
+  // Policy Controller configuration for the cluster.
+  PolicyController policy_controller = 2;
+
+  // Hierarchy Controller configuration for the cluster.
+  HierarchyControllerConfig hierarchy_controller = 4;
+
+  // Version of ACM installed.
+  string version = 10;
+}
+
+// Configuration for Config Sync
+message ConfigSync {
+  // Git repo configuration for the cluster.
+  GitConfig git = 7;
+
+  // Specifies whether the Config Sync Repo is
+  // in “hierarchical” or “unstructured” mode.
+  string source_format = 8;
+}
+
+// Git repo configuration for a single cluster.
+message GitConfig {
+  // The URL of the Git repository to use as the source of truth.
+  string sync_repo = 1;
+
+  // The branch of the repository to sync from. Default: master.
+  string sync_branch = 2;
+
+  // The path within the Git repository that represents the top level of the
+  // repo to sync. Default: the root directory of the repository.
+  string policy_dir = 3;
+
+  // Period in seconds between consecutive syncs. Default: 15.
+  int64 sync_wait_secs = 4;
+
+  // Git revision (tag or hash) to check out. Default HEAD.
+  string sync_rev = 5;
+
+  // Type of secret configured for access to the Git repo.
+  string secret_type = 6;
+
+  // URL for the HTTPS proxy to be used when communicating with the Git repo.
+  string https_proxy = 7;
+
+  // The GCP Service Account Email used for auth when secret_type is
+  // gcpServiceAccount.
+  string gcp_service_account_email = 8;
+}
+
+// Configuration for Policy Controller
+message PolicyController {
+  // Enables the installation of Policy Controller.
+  // If false, the rest of PolicyController fields take no
+  // effect.
+  bool enabled = 1;
+
+  // Installs the default template library along with Policy Controller.
+  optional bool template_library_installed = 2;
+
+  // Sets the interval for Policy Controller Audit Scans (in seconds).
+  // When set to 0, this disables audit functionality altogether.
+  optional int64 audit_interval_seconds = 3;
+
+  // The set of namespaces that are excluded from Policy Controller checks.
+  // Namespaces do not need to currently exist on the cluster.
+  repeated string exemptable_namespaces = 4;
+
+  // Enables the ability to use Constraint Templates that reference to objects
+  // other than the object currently being evaluated.
+  bool referential_rules_enabled = 5;
+
+  // Logs all denies and dry run failures.
+  bool log_denies_enabled = 6;
+}
+
+// Configuration for Hierarchy Controller
+message HierarchyControllerConfig {
+  // Whether Hierarchy Controller is enabled in this cluster.
+  bool enabled = 1;
+
+  // Whether pod tree labels are enabled in this cluster.
+  bool enable_pod_tree_labels = 2;
+
+  // Whether hierarchical resource quota is enabled in this cluster.
+  bool enable_hierarchical_resource_quota = 3;
+}
+
+// Deployment state for Hierarchy Controller
+message HierarchyControllerDeploymentState {
+  // The deployment state for open source HNC (e.g. v0.7.0-hc.0)
+  DeploymentState hnc = 1;
+
+  // The deployment state for Hierarchy Controller extension (e.g. v0.7.0-hc.1)
+  DeploymentState extension = 2;
+}
+
+// Version for Hierarchy Controller
+message HierarchyControllerVersion {
+  // Version for open source HNC
+  string hnc = 1;
+
+  // Version for Hierarchy Controller extension
+  string extension = 2;
+}
+
+// State for Hierarchy Controller
+message HierarchyControllerState {
+  // The version for Hierarchy Controller
+  HierarchyControllerVersion version = 1;
+
+  // The deployment state for Hierarchy Controller
+  HierarchyControllerDeploymentState state = 2;
+}
+
+// State information for an ACM's Operator
+message OperatorState {
+  // The semenatic version number of the operator
+  string version = 1;
+
+  // The state of the Operator's deployment
+  DeploymentState deployment_state = 2;
+
+  // Install errors.
+  repeated InstallError errors = 3;
+}
+
+// Errors pertaining to the installation of ACM
+message InstallError {
+  // A string representing the user facing error message
+  string error_message = 1;
+}
+
+// State information for ConfigSync
+message ConfigSyncState {
+  // The version of ConfigSync deployed
+  ConfigSyncVersion version = 1;
+
+  // Information about the deployment of ConfigSync, including the version
+  // of the various Pods deployed
+  ConfigSyncDeploymentState deployment_state = 2;
+
+  // The state of ConfigSync's process to sync configs to a cluster
+  SyncState sync_state = 3;
+}
+
+// Specific versioning information pertaining to ConfigSync's Pods
+message ConfigSyncVersion {
+  // Version of the deployed importer pod
+  string importer = 1;
+
+  // Version of the deployed syncer pod
+  string syncer = 2;
+
+  // Version of the deployed git-sync pod
+  string git_sync = 3;
+
+  // Version of the deployed monitor pod
+  string monitor = 4;
+
+  // Version of the deployed reconciler-manager pod
+  string reconciler_manager = 5;
+
+  // Version of the deployed reconciler container in root-reconciler pod
+  string root_reconciler = 6;
+}
+
+// The state of ConfigSync's deployment on a cluster
+message ConfigSyncDeploymentState {
+  // Deployment state of the importer pod
+  DeploymentState importer = 1;
+
+  // Deployment state of the syncer pod
+  DeploymentState syncer = 2;
+
+  // Deployment state of the git-sync pod
+  DeploymentState git_sync = 3;
+
+  // Deployment state of the monitor pod
+  DeploymentState monitor = 4;
+
+  // Deployment state of reconciler-manager pod
+  DeploymentState reconciler_manager = 5;
+
+  // Deployment state of root-reconciler
+  DeploymentState root_reconciler = 6;
+}
+
+// State indicating an ACM's progress syncing configurations to a cluster
+message SyncState {
+  // An enum representing an ACM's status syncing configs to a cluster
+  enum SyncCode {
+    // ACM cannot determine a sync code
+    SYNC_CODE_UNSPECIFIED = 0;
+
+    // ACM successfully synced the git Repo with the cluster
+    SYNCED = 1;
+
+    // ACM is in the progress of syncing a new change
+    PENDING = 2;
+
+    // Indicates an error configuring ACM, and user action is required
+    ERROR = 3;
+
+    // ACM has been installed (operator manifest deployed),
+    // but not configured.
+    NOT_CONFIGURED = 4;
+
+    // ACM has not been installed (no operator pod found)
+    NOT_INSTALLED = 5;
+
+    // Error authorizing with the cluster
+    UNAUTHORIZED = 6;
+
+    // Cluster could not be reached
+    UNREACHABLE = 7;
+  }
+
+  // Token indicating the state of the repo.
+  string source_token = 1;
+
+  // Token indicating the state of the importer.
+  string import_token = 2;
+
+  // Token indicating the state of the syncer.
+  string sync_token = 3;
+
+  // Deprecated: use last_sync_time instead.
+  // Timestamp of when ACM last successfully synced the repo
+  // The time format is specified in https://golang.org/pkg/time/#Time.String
+  string last_sync = 4 [deprecated = true];
+
+  // Timestamp type of when ACM last successfully synced the repo
+  google.protobuf.Timestamp last_sync_time = 7;
+
+  // Sync status code
+  SyncCode code = 5;
+
+  // A list of errors resulting from problematic configs.
+  // This list will be truncated after 100 errors, although it is
+  // unlikely for that many errors to simultaneously exist.
+  repeated SyncError errors = 6;
+}
+
+// An ACM created error representing a problem syncing configurations
+message SyncError {
+  // An ACM defined error code
+  string code = 1;
+
+  // A description of the error
+  string error_message = 2;
+
+  // A list of config(s) associated with the error, if any
+  repeated ErrorResource error_resources = 3;
+}
+
+// Model for a config file in the git repo with an associated Sync error
+message ErrorResource {
+  // Path in the git repo of the erroneous config
+  string source_path = 1;
+
+  // Metadata name of the resource that is causing an error
+  string resource_name = 2;
+
+  // Namespace of the resource that is causing an error
+  string resource_namespace = 3;
+
+  // Group/version/kind of the resource that is causing an error
+  GroupVersionKind resource_gvk = 4;
+}
+
+// A Kubernetes object's GVK
+message GroupVersionKind {
+  // Kubernetes Group
+  string group = 1;
+
+  // Kubernetes Version
+  string version = 2;
+
+  // Kubernetes Kind
+  string kind = 3;
+}
+
+// State for PolicyControllerState.
+message PolicyControllerState {
+  // The version of Gatekeeper Policy Controller deployed.
+  PolicyControllerVersion version = 1;
+
+  // The state about the policy controller installation.
+  GatekeeperDeploymentState deployment_state = 2;
+}
+
+// The build version of Gatekeeper Policy Controller is using.
+message PolicyControllerVersion {
+  // The gatekeeper image tag that is composed of ACM version, git tag, build
+  // number.
+  string version = 1;
+}
+
+// State of Policy Controller installation.
+message GatekeeperDeploymentState {
+  // Status of gatekeeper-controller-manager pod.
+  DeploymentState gatekeeper_controller_manager_state = 1;
+
+  // Status of gatekeeper-audit deployment.
+  DeploymentState gatekeeper_audit = 2;
+}