From c41dd55a056d103598a2675992b46ba8d6359ec5 Mon Sep 17 00:00:00 2001 From: Dana Hoffman Date: Wed, 15 Aug 2018 19:20:26 -0700 Subject: [PATCH 1/3] revendor container/v1beta1 --- .../api/container/v1beta1/container-api.json | 165 +++++++++-- .../api/container/v1beta1/container-gen.go | 262 +++++++++++++++++- vendor/vendor.json | 6 +- 3 files changed, 405 insertions(+), 28 deletions(-) diff --git a/vendor/google.golang.org/api/container/v1beta1/container-api.json b/vendor/google.golang.org/api/container/v1beta1/container-api.json index de641cc10db..8180b22a12b 100644 --- a/vendor/google.golang.org/api/container/v1beta1/container-api.json +++ b/vendor/google.golang.org/api/container/v1beta1/container-api.json @@ -60,11 +60,6 @@ "location": "query", "type": "string" }, - "bearer_token": { - "description": "OAuth bearer token.", - "location": "query", - "type": "string" - }, "callback": { "description": "JSONP", "location": "query", @@ -85,12 +80,6 @@ "location": "query", "type": "string" }, - "pp": { - "default": "true", - "description": "Pretty-print response.", - "location": "query", - "type": "boolean" - }, "prettyPrint": { "default": "true", "description": "Returns response with indentations and line breaks.", @@ -213,7 +202,7 @@ ], "parameters": { "parent": { - "description": "Contains the name of the resource requested.\nSpecific in the format 'projects/*/locations'.", + "description": "Contains the name of the resource requested.\nSpecified in the format 'projects/*'.", "location": "path", "pattern": "^projects/[^/]+$", "required": true, @@ -753,7 +742,7 @@ ], "parameters": { "parent": { - "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*/nodePools/*'.", + "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*'.", "location": "path", "pattern": "^projects/[^/]+/locations/[^/]+/clusters/[^/]+$", "required": true, @@ -2446,7 +2435,7 @@ } } }, - "revision": "20180504", + "revision": "20180713", "rootUrl": "https://container.googleapis.com/", "schemas": { "AcceleratorConfig": { @@ -2503,6 +2492,17 @@ }, "type": "object" }, + "BinaryAuthorization": { + "description": "Configuration for Binary Authorization.", + "id": "BinaryAuthorization", + "properties": { + "enabled": { + "description": "Enable Binary Authorization for this cluster. If enabled, all container\nimages will be validated by Google Binauthz.", + "type": "boolean" + } + }, + "type": "object" + }, "CancelOperationRequest": { "description": "CancelOperationRequest cancels a single operation.", "id": "CancelOperationRequest", @@ -2560,6 +2560,10 @@ "$ref": "AddonsConfig", "description": "Configurations for the various addons available to run in the cluster." }, + "binaryAuthorization": { + "$ref": "BinaryAuthorization", + "description": "Configuration for Binary Authorization." + }, "clusterIpv4Cidr": { "description": "The IP address range of the container pods in this cluster, in\n[CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)\nnotation (e.g. `10.96.0.0/14`). Leave blank to have\none automatically chosen or specify a `/14` block in `10.0.0.0/8`.", "type": "string" @@ -2589,6 +2593,10 @@ "description": "Kubernetes alpha features are enabled on this cluster. This includes alpha\nAPI groups (e.g. v1beta1) and features that may not be production ready in\nthe kubernetes version of the master and nodes.\nThe cluster has no SLA for uptime and master/node upgrades are disabled.\nAlpha enabled clusters are automatically deleted thirty days after\ncreation.", "type": "boolean" }, + "enableTpu": { + "description": "Enable the ability to use Cloud TPUs in this cluster.", + "type": "boolean" + }, "endpoint": { "description": "[Output only] The IP address of this cluster's master endpoint.\nThe endpoint can be accessed from the internet at\n`https://username:password@endpoint/`.\n\nSee the `masterAuth` property of this resource for username and\npassword information.", "type": "string" @@ -2653,7 +2661,7 @@ "description": "The configuration options for master authorized networks feature." }, "masterIpv4CidrBlock": { - "description": "The IP prefix in CIDR notation to use for the hosted master network.\nThis prefix will be used for assigning private IP addresses to the\nmaster or set of masters, as well as the ILB VIP.", + "description": "The IP prefix in CIDR notation to use for the hosted master network.\nThis prefix will be used for assigning private IP addresses to the\nmaster or set of masters, as well as the ILB VIP.\nThis field is deprecated, use\nprivate_cluster_config.master_ipv4_cidr_block instead.", "type": "string" }, "monitoringService": { @@ -2697,9 +2705,13 @@ "description": "Configuration for the PodSecurityPolicy feature." }, "privateCluster": { - "description": "If this is a private cluster setup. Private clusters are clusters that, by\ndefault have no external IP addresses on the nodes and where nodes and the\nmaster communicate over private IP addresses.", + "description": "If this is a private cluster setup. Private clusters are clusters that, by\ndefault have no external IP addresses on the nodes and where nodes and the\nmaster communicate over private IP addresses.\nThis field is deprecated, use private_cluster_config.enabled instead.", "type": "boolean" }, + "privateClusterConfig": { + "$ref": "PrivateClusterConfig", + "description": "Configuration for private cluster." + }, "resourceLabels": { "additionalProperties": { "type": "string" @@ -2745,6 +2757,10 @@ "description": "The name of the Google Compute Engine\n[subnetwork](/compute/docs/subnetworks) to which the\ncluster is connected. On output this shows the subnetwork ID instead of\nthe name.", "type": "string" }, + "tpuIpv4CidrBlock": { + "description": "[Output only] The IP address range of the Cloud TPUs in this cluster, in\n[CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)\nnotation (e.g. `1.2.3.4/29`).", + "type": "string" + }, "zone": { "description": "[Output only] The name of the Google Compute Engine\n[zone](/compute/docs/zones#available) in which the cluster\nresides.\nThis field is deprecated, use location instead.", "type": "string" @@ -2760,6 +2776,10 @@ "$ref": "AddonsConfig", "description": "Configurations for the various addons available to run in the cluster." }, + "desiredBinaryAuthorization": { + "$ref": "BinaryAuthorization", + "description": "The desired configuration options for the Binary Authorization feature." + }, "desiredImageType": { "description": "The desired image type for the node pool.\nNOTE: Set the \"desired_node_pool\" field as well.", "type": "string" @@ -2771,6 +2791,10 @@ }, "type": "array" }, + "desiredLoggingService": { + "description": "The logging service the cluster should use to write metrics.\nCurrently available options:\n\n* \"logging.googleapis.com/kubernetes\" - the Google Cloud Logging\nservice with Kubernetes-native resource model in Stackdriver\n* \"logging.googleapis.com\" - the Google Cloud Logging service\n* \"none\" - no logs will be exported from the cluster", + "type": "string" + }, "desiredMasterAuthorizedNetworksConfig": { "$ref": "MasterAuthorizedNetworksConfig", "description": "The desired configuration options for master authorized networks feature." @@ -2780,7 +2804,7 @@ "type": "string" }, "desiredMonitoringService": { - "description": "The monitoring service the cluster should use to write metrics.\nCurrently available options:\n\n* \"monitoring.googleapis.com\" - the Google Cloud Monitoring service\n* \"none\" - no metrics will be exported from the cluster", + "description": "The monitoring service the cluster should use to write metrics.\nCurrently available options:\n\n* \"monitoring.googleapis.com/kubernetes\" - the Google Cloud Monitoring\nservice with Kubernetes-native resource model in Stackdriver\n* \"monitoring.googleapis.com\" - the Google Cloud Monitoring service\n* \"none\" - no metrics will be exported from the cluster", "type": "string" }, "desiredNodePoolAutoscaling": { @@ -2861,7 +2885,7 @@ "description": "The node pool to create." }, "parent": { - "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*/nodePools/*'.", + "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*'.", "type": "string" }, "projectId": { @@ -2966,6 +2990,10 @@ "description": "A custom subnetwork name to be used if `create_subnetwork` is true. If\nthis field is empty, then an automatic name will be chosen for the new\nsubnetwork.", "type": "string" }, + "tpuIpv4CidrBlock": { + "description": "The IP address range of the Cloud TPUs in this cluster. If unspecified, a\nrange will be automatically chosen with the default size.\n\nThis field is only applicable when `use_ip_aliases` is true.\n\nIf unspecified, the range will use the default size.\n\nSet to /netmask (e.g. `/14`) to have a range chosen with a specific\nnetmask.\n\nSet to a\n[CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing)\nnotation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks (e.g.\n`10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific range\nto use.", + "type": "string" + }, "useIpAliases": { "description": "Whether alias IPs will be used for pod IPs in the cluster.", "type": "boolean" @@ -3092,7 +3120,7 @@ "id": "Location", "properties": { "name": { - "description": "Contains the name of the resource requested.\nSpecific in the format 'projects/*/locations/*'.", + "description": "Contains the name of the resource requested.\nSpecified in the format 'projects/*/locations/*'.", "type": "string" }, "recommended": { @@ -3187,6 +3215,31 @@ }, "type": "object" }, + "Metric": { + "description": "Progress metric is (string, int|float|string) pair.", + "id": "Metric", + "properties": { + "doubleValue": { + "description": "For metrics with floating point value.", + "format": "double", + "type": "number" + }, + "intValue": { + "description": "For metrics with integer value.", + "format": "int64", + "type": "string" + }, + "name": { + "description": "Metric name, required.\ne.g., \"nodes total\", \"percent done\"", + "type": "string" + }, + "stringValue": { + "description": "For metrics with custom values (ratios, visual progress, etc.).", + "type": "string" + } + }, + "type": "object" + }, "NetworkConfig": { "description": "NetworkConfig reports the relative names of network \u0026 subnetwork.", "id": "NetworkConfig", @@ -3525,6 +3578,10 @@ ], "type": "string" }, + "progress": { + "$ref": "OperationProgress", + "description": "[Output only] Progress information for an operation." + }, "selfLink": { "description": "Server-defined URL for the resource.", "type": "string" @@ -3566,6 +3623,49 @@ }, "type": "object" }, + "OperationProgress": { + "description": "Information about operation (or operation stage) progress.", + "id": "OperationProgress", + "properties": { + "metrics": { + "description": "Progress metric bundle, for example:\n metrics: [{name: \"nodes done\", int_value: 15},\n {name: \"nodes total\", int_value: 32}]\nor\n metrics: [{name: \"progress\", double_value: 0.56},\n {name: \"progress scale\", double_value: 1.0}]", + "items": { + "$ref": "Metric" + }, + "type": "array" + }, + "name": { + "description": "A non-parameterized string describing an operation stage.\nUnset for single-stage operations.", + "type": "string" + }, + "stages": { + "description": "Substages of an operation or a stage.", + "items": { + "$ref": "OperationProgress" + }, + "type": "array" + }, + "status": { + "description": "Status of an operation stage.\nUnset for single-stage operations.", + "enum": [ + "STATUS_UNSPECIFIED", + "PENDING", + "RUNNING", + "DONE", + "ABORTING" + ], + "enumDescriptions": [ + "Not set.", + "The operation has been created.", + "The operation is currently running.", + "The operation is done, either cancelled or completed.", + "The operation is aborting." + ], + "type": "string" + } + }, + "type": "object" + }, "PodSecurityPolicyConfig": { "description": "Configuration for the PodSecurityPolicy feature.", "id": "PodSecurityPolicyConfig", @@ -3577,6 +3677,33 @@ }, "type": "object" }, + "PrivateClusterConfig": { + "description": "Configuration options for private clusters.", + "id": "PrivateClusterConfig", + "properties": { + "enablePrivateEndpoint": { + "description": "Whether the master's internal IP address is used as the cluster endpoint.", + "type": "boolean" + }, + "enablePrivateNodes": { + "description": "Whether nodes have only private IP addresses, and communicate with the\nmaster via private networking.", + "type": "boolean" + }, + "masterIpv4CidrBlock": { + "description": "The IP prefix in CIDR notation to use for the hosted master network. This\nprefix will be used for assigning private IP addresses to the master or\nset of masters, as well as the ILB VIP.", + "type": "string" + }, + "privateEndpoint": { + "description": "Output only. The internal IP address of this cluster's master endpoint.", + "type": "string" + }, + "publicEndpoint": { + "description": "Output only. The external IP address of this cluster's master endpoint.", + "type": "string" + } + }, + "type": "object" + }, "RollbackNodePoolUpgradeRequest": { "description": "RollbackNodePoolUpgradeRequest rollbacks the previously Aborted or Failed\nNodePool upgrade. This will be an no-op if the last upgrade successfully\ncompleted.", "id": "RollbackNodePoolUpgradeRequest", diff --git a/vendor/google.golang.org/api/container/v1beta1/container-gen.go b/vendor/google.golang.org/api/container/v1beta1/container-gen.go index c72f05e6e00..4e4fdec15f8 100644 --- a/vendor/google.golang.org/api/container/v1beta1/container-gen.go +++ b/vendor/google.golang.org/api/container/v1beta1/container-gen.go @@ -333,6 +333,36 @@ func (s *AutoUpgradeOptions) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// BinaryAuthorization: Configuration for Binary Authorization. +type BinaryAuthorization struct { + // Enabled: Enable Binary Authorization for this cluster. If enabled, + // all container + // images will be validated by Google Binauthz. + Enabled bool `json:"enabled,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Enabled") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Enabled") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *BinaryAuthorization) MarshalJSON() ([]byte, error) { + type NoMethod BinaryAuthorization + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // CancelOperationRequest: CancelOperationRequest cancels a single // operation. type CancelOperationRequest struct { @@ -452,6 +482,9 @@ type Cluster struct { // in the cluster. AddonsConfig *AddonsConfig `json:"addonsConfig,omitempty"` + // BinaryAuthorization: Configuration for Binary Authorization. + BinaryAuthorization *BinaryAuthorization `json:"binaryAuthorization,omitempty"` + // ClusterIpv4Cidr: The IP address range of the container pods in this // cluster, // in @@ -496,6 +529,9 @@ type Cluster struct { // creation. EnableKubernetesAlpha bool `json:"enableKubernetesAlpha,omitempty"` + // EnableTpu: Enable the ability to use Cloud TPUs in this cluster. + EnableTpu bool `json:"enableTpu,omitempty"` + // Endpoint: [Output only] The IP address of this cluster's master // endpoint. // The endpoint can be accessed from the internet @@ -603,6 +639,9 @@ type Cluster struct { // This prefix will be used for assigning private IP addresses to // the // master or set of masters, as well as the ILB VIP. + // This field is deprecated, + // use + // private_cluster_config.master_ipv4_cidr_block instead. MasterIpv4CidrBlock string `json:"masterIpv4CidrBlock,omitempty"` // MonitoringService: The monitoring service the cluster should use to @@ -679,8 +718,12 @@ type Cluster struct { // default have no external IP addresses on the nodes and where nodes // and the // master communicate over private IP addresses. + // This field is deprecated, use private_cluster_config.enabled instead. PrivateCluster bool `json:"privateCluster,omitempty"` + // PrivateClusterConfig: Configuration for private cluster. + PrivateClusterConfig *PrivateClusterConfig `json:"privateClusterConfig,omitempty"` + // ResourceLabels: The resource labels for the cluster to use to // annotate any related // Google Compute Engine resources. @@ -737,6 +780,14 @@ type Cluster struct { // the name. Subnetwork string `json:"subnetwork,omitempty"` + // TpuIpv4CidrBlock: [Output only] The IP address range of the Cloud + // TPUs in this cluster, + // in + // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) + // + // notation (e.g. `1.2.3.4/29`). + TpuIpv4CidrBlock string `json:"tpuIpv4CidrBlock,omitempty"` + // Zone: [Output only] The name of the Google Compute // Engine // [zone](/compute/docs/zones#available) in which the @@ -782,6 +833,10 @@ type ClusterUpdate struct { // to run in the cluster. DesiredAddonsConfig *AddonsConfig `json:"desiredAddonsConfig,omitempty"` + // DesiredBinaryAuthorization: The desired configuration options for the + // Binary Authorization feature. + DesiredBinaryAuthorization *BinaryAuthorization `json:"desiredBinaryAuthorization,omitempty"` + // DesiredImageType: The desired image type for the node pool. // NOTE: Set the "desired_node_pool" field as well. DesiredImageType string `json:"desiredImageType,omitempty"` @@ -799,6 +854,17 @@ type ClusterUpdate struct { // This list must always include the cluster's primary zone. DesiredLocations []string `json:"desiredLocations,omitempty"` + // DesiredLoggingService: The logging service the cluster should use to + // write metrics. + // Currently available options: + // + // * "logging.googleapis.com/kubernetes" - the Google Cloud + // Logging + // service with Kubernetes-native resource model in Stackdriver + // * "logging.googleapis.com" - the Google Cloud Logging service + // * "none" - no logs will be exported from the cluster + DesiredLoggingService string `json:"desiredLoggingService,omitempty"` + // DesiredMasterAuthorizedNetworksConfig: The desired configuration // options for master authorized networks feature. DesiredMasterAuthorizedNetworksConfig *MasterAuthorizedNetworksConfig `json:"desiredMasterAuthorizedNetworksConfig,omitempty"` @@ -823,6 +889,9 @@ type ClusterUpdate struct { // use to write metrics. // Currently available options: // + // * "monitoring.googleapis.com/kubernetes" - the Google Cloud + // Monitoring + // service with Kubernetes-native resource model in Stackdriver // * "monitoring.googleapis.com" - the Google Cloud Monitoring service // * "none" - no metrics will be exported from the cluster DesiredMonitoringService string `json:"desiredMonitoringService,omitempty"` @@ -1001,9 +1070,8 @@ type CreateNodePoolRequest struct { // Parent: The parent (project, location, cluster id) where the node // pool will be - // created. Specified in the - // format - // 'projects/*/locations/*/clusters/*/nodePools/*'. + // created. Specified in the format + // 'projects/*/locations/*/clusters/*'. Parent string `json:"parent,omitempty"` // ProjectId: Deprecated. The Google Developers Console [project ID or @@ -1307,6 +1375,29 @@ type IPAllocationPolicy struct { // subnetwork. SubnetworkName string `json:"subnetworkName,omitempty"` + // TpuIpv4CidrBlock: The IP address range of the Cloud TPUs in this + // cluster. If unspecified, a + // range will be automatically chosen with the default size. + // + // This field is only applicable when `use_ip_aliases` is true. + // + // If unspecified, the range will use the default size. + // + // Set to /netmask (e.g. `/14`) to have a range chosen with a + // specific + // netmask. + // + // Set to + // a + // [CIDR](http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) + // + // notation (e.g. `10.96.0.0/14`) from the RFC-1918 private networks + // (e.g. + // `10.0.0.0/8`, `172.16.0.0/12`, `192.168.0.0/16`) to pick a specific + // range + // to use. + TpuIpv4CidrBlock string `json:"tpuIpv4CidrBlock,omitempty"` + // UseIpAliases: Whether alias IPs will be used for pod IPs in the // cluster. UseIpAliases bool `json:"useIpAliases,omitempty"` @@ -1605,7 +1696,7 @@ func (s *ListUsableSubnetworksResponse) MarshalJSON() ([]byte, error) { // for GKE cluster scheduling. type Location struct { // Name: Contains the name of the resource requested. - // Specific in the format 'projects/*/locations/*'. + // Specified in the format 'projects/*/locations/*'. Name string `json:"name,omitempty"` // Recommended: Recommended is a bool combining the drain state of the @@ -1816,6 +1907,59 @@ func (s *MasterAuthorizedNetworksConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// Metric: Progress metric is (string, int|float|string) pair. +type Metric struct { + // DoubleValue: For metrics with floating point value. + DoubleValue float64 `json:"doubleValue,omitempty"` + + // IntValue: For metrics with integer value. + IntValue int64 `json:"intValue,omitempty,string"` + + // Name: Metric name, required. + // e.g., "nodes total", "percent done" + Name string `json:"name,omitempty"` + + // StringValue: For metrics with custom values (ratios, visual progress, + // etc.). + StringValue string `json:"stringValue,omitempty"` + + // ForceSendFields is a list of field names (e.g. "DoubleValue") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "DoubleValue") to include + // in API requests with the JSON null value. By default, fields with + // empty values are omitted from API requests. However, any field with + // an empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *Metric) MarshalJSON() ([]byte, error) { + type NoMethod Metric + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + +func (s *Metric) UnmarshalJSON(data []byte) error { + type NoMethod Metric + var s1 struct { + DoubleValue gensupport.JSONFloat64 `json:"doubleValue"` + *NoMethod + } + s1.NoMethod = (*NoMethod)(s) + if err := json.Unmarshal(data, &s1); err != nil { + return err + } + s.DoubleValue = float64(s1.DoubleValue) + return nil +} + // NetworkConfig: NetworkConfig reports the relative names of network & // subnetwork. type NetworkConfig struct { @@ -2391,6 +2535,9 @@ type Operation struct { // "SET_MAINTENANCE_POLICY" - Set the maintenance policy. OperationType string `json:"operationType,omitempty"` + // Progress: [Output only] Progress information for an operation. + Progress *OperationProgress `json:"progress,omitempty"` + // SelfLink: Server-defined URL for the resource. SelfLink string `json:"selfLink,omitempty"` @@ -2450,6 +2597,58 @@ func (s *Operation) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// OperationProgress: Information about operation (or operation stage) +// progress. +type OperationProgress struct { + // Metrics: Progress metric bundle, for example: + // metrics: [{name: "nodes done", int_value: 15}, + // {name: "nodes total", int_value: 32}] + // or + // metrics: [{name: "progress", double_value: 0.56}, + // {name: "progress scale", double_value: 1.0}] + Metrics []*Metric `json:"metrics,omitempty"` + + // Name: A non-parameterized string describing an operation stage. + // Unset for single-stage operations. + Name string `json:"name,omitempty"` + + // Stages: Substages of an operation or a stage. + Stages []*OperationProgress `json:"stages,omitempty"` + + // Status: Status of an operation stage. + // Unset for single-stage operations. + // + // Possible values: + // "STATUS_UNSPECIFIED" - Not set. + // "PENDING" - The operation has been created. + // "RUNNING" - The operation is currently running. + // "DONE" - The operation is done, either cancelled or completed. + // "ABORTING" - The operation is aborting. + Status string `json:"status,omitempty"` + + // ForceSendFields is a list of field names (e.g. "Metrics") to + // unconditionally include in API requests. By default, fields with + // empty values are omitted from API requests. However, any non-pointer, + // non-interface field appearing in ForceSendFields will be sent to the + // server regardless of whether the field is empty or not. This may be + // used to include empty fields in Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "Metrics") to include in + // API requests with the JSON null value. By default, fields with empty + // values are omitted from API requests. However, any field with an + // empty value appearing in NullFields will be sent to the server as + // null. It is an error if a field in this list has a non-empty value. + // This may be used to include null fields in Patch requests. + NullFields []string `json:"-"` +} + +func (s *OperationProgress) MarshalJSON() ([]byte, error) { + type NoMethod OperationProgress + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // PodSecurityPolicyConfig: Configuration for the PodSecurityPolicy // feature. type PodSecurityPolicyConfig struct { @@ -2481,6 +2680,57 @@ func (s *PodSecurityPolicyConfig) MarshalJSON() ([]byte, error) { return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) } +// PrivateClusterConfig: Configuration options for private clusters. +type PrivateClusterConfig struct { + // EnablePrivateEndpoint: Whether the master's internal IP address is + // used as the cluster endpoint. + EnablePrivateEndpoint bool `json:"enablePrivateEndpoint,omitempty"` + + // EnablePrivateNodes: Whether nodes have only private IP addresses, and + // communicate with the + // master via private networking. + EnablePrivateNodes bool `json:"enablePrivateNodes,omitempty"` + + // MasterIpv4CidrBlock: The IP prefix in CIDR notation to use for the + // hosted master network. This + // prefix will be used for assigning private IP addresses to the master + // or + // set of masters, as well as the ILB VIP. + MasterIpv4CidrBlock string `json:"masterIpv4CidrBlock,omitempty"` + + // PrivateEndpoint: Output only. The internal IP address of this + // cluster's master endpoint. + PrivateEndpoint string `json:"privateEndpoint,omitempty"` + + // PublicEndpoint: Output only. The external IP address of this + // cluster's master endpoint. + PublicEndpoint string `json:"publicEndpoint,omitempty"` + + // ForceSendFields is a list of field names (e.g. + // "EnablePrivateEndpoint") to unconditionally include in API requests. + // By default, fields with empty values are omitted from API requests. + // However, any non-pointer, non-interface field appearing in + // ForceSendFields will be sent to the server regardless of whether the + // field is empty or not. This may be used to include empty fields in + // Patch requests. + ForceSendFields []string `json:"-"` + + // NullFields is a list of field names (e.g. "EnablePrivateEndpoint") to + // include in API requests with the JSON null value. By default, fields + // with empty values are omitted from API requests. However, any field + // with an empty value appearing in NullFields will be sent to the + // server as null. It is an error if a field in this list has a + // non-empty value. This may be used to include null fields in Patch + // requests. + NullFields []string `json:"-"` +} + +func (s *PrivateClusterConfig) MarshalJSON() ([]byte, error) { + type NoMethod PrivateClusterConfig + raw := NoMethod(*s) + return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) +} + // RollbackNodePoolUpgradeRequest: RollbackNodePoolUpgradeRequest // rollbacks the previously Aborted or Failed // NodePool upgrade. This will be an no-op if the last upgrade @@ -4131,7 +4381,7 @@ func (c *ProjectsLocationsListCall) Do(opts ...googleapi.CallOption) (*ListLocat // ], // "parameters": { // "parent": { - // "description": "Contains the name of the resource requested.\nSpecific in the format 'projects/*/locations'.", + // "description": "Contains the name of the resource requested.\nSpecified in the format 'projects/*'.", // "location": "path", // "pattern": "^projects/[^/]+$", // "required": true, @@ -6711,7 +6961,7 @@ func (c *ProjectsLocationsClustersNodePoolsCreateCall) Do(opts ...googleapi.Call // ], // "parameters": { // "parent": { - // "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*/nodePools/*'.", + // "description": "The parent (project, location, cluster id) where the node pool will be\ncreated. Specified in the format\n'projects/*/locations/*/clusters/*'.", // "location": "path", // "pattern": "^projects/[^/]+/locations/[^/]+/clusters/[^/]+$", // "required": true, diff --git a/vendor/vendor.json b/vendor/vendor.json index 1fd5cce5f9a..e66191f9458 100644 --- a/vendor/vendor.json +++ b/vendor/vendor.json @@ -1316,10 +1316,10 @@ "revisionTime": "2017-10-21T00:03:56Z" }, { - "checksumSHA1": "yZERJY3ohvczGG15QPUyUh6VlFQ=", + "checksumSHA1": "fPjdgvz7HJGaoi+SRAelRopu8tM=", "path": "google.golang.org/api/container/v1beta1", - "revision": "348810ff778af56686d572415ce79e6c9fad9613", - "revisionTime": "2018-05-08T15:48:10Z" + "revision": "0e8d13b5c025da6a7cf249bb854e5869921dd459", + "revisionTime": "2018-08-14T00:05:10Z" }, { "checksumSHA1": "pxXDGWhDrfcAOCQCjgxLfZA4NOw=", From 881bc13f88c34b83253481e55be3052debe2c61a Mon Sep 17 00:00:00 2001 From: Dana Hoffman Date: Wed, 15 Aug 2018 19:20:35 -0700 Subject: [PATCH 2/3] add support for binauthz in gke --- google/resource_container_cluster.go | 37 +++++++++++++++- google/resource_container_cluster_test.go | 44 +++++++++++++++++++ .../docs/r/container_cluster.html.markdown | 3 ++ 3 files changed, 82 insertions(+), 2 deletions(-) diff --git a/google/resource_container_cluster.go b/google/resource_container_cluster.go index 88968af3161..d4d958a547d 100644 --- a/google/resource_container_cluster.go +++ b/google/resource_container_cluster.go @@ -196,6 +196,12 @@ func resourceContainerCluster() *schema.Resource { ForceNew: true, }, + "enable_binary_authorization": { + Type: schema.TypeBool, + Optional: true, + Default: false, + }, + "enable_kubernetes_alpha": { Type: schema.TypeBool, Optional: true, @@ -650,6 +656,11 @@ func resourceContainerClusterCreate(d *schema.ResourceData, meta interface{}) er cluster.ResourceLabels = m } + cluster.BinaryAuthorization = &containerBeta.BinaryAuthorization{ + Enabled: d.Get("enable_binary_authorization").(bool), + ForceSendFields: []string{"Enabled"}, + } + req := &containerBeta.CreateClusterRequest{ Cluster: cluster, } @@ -750,14 +761,14 @@ func resourceContainerClusterRead(d *schema.ResourceData, meta interface{}) erro d.Set("monitoring_service", cluster.MonitoringService) d.Set("network", cluster.NetworkConfig.Network) d.Set("subnetwork", cluster.NetworkConfig.Subnetwork) + d.Set("enable_binary_authorization", cluster.BinaryAuthorization.Enabled) if err := d.Set("node_config", flattenNodeConfig(cluster.NodeConfig)); err != nil { return err } d.Set("project", project) if err := d.Set("addons_config", flattenClusterAddonsConfig(cluster.AddonsConfig)); err != nil { - + return err } - nps, err := flattenClusterNodePools(d, config, cluster.NodePools) if err != nil { return err @@ -911,6 +922,28 @@ func resourceContainerClusterUpdate(d *schema.ResourceData, meta interface{}) er } } + if d.HasChange("enable_binary_authorization") { + enabled := d.Get("enable_binary_authorization").(bool) + req := &containerBeta.UpdateClusterRequest{ + Update: &containerBeta.ClusterUpdate{ + DesiredBinaryAuthorization: &containerBeta.BinaryAuthorization{ + Enabled: enabled, + ForceSendFields: []string{"Enabled"}, + }, + }, + } + + updateF := updateFunc(req, "updating GKE binary authorization") + // Call update serially. + if err := lockedCall(lockKey, updateF); err != nil { + return err + } + + log.Printf("[INFO] GKE cluster %s's binary authorization has been updated to %v", d.Id(), enabled) + + d.SetPartial("enable_binary_authorization") + } + if d.HasChange("maintenance_policy") { var req *containerBeta.SetMaintenancePolicyRequest if mp, ok := d.GetOk("maintenance_policy"); ok { diff --git a/google/resource_container_cluster_test.go b/google/resource_container_cluster_test.go index e52691cdf80..cd9c1de0ace 100644 --- a/google/resource_container_cluster_test.go +++ b/google/resource_container_cluster_test.go @@ -1261,6 +1261,38 @@ func TestAccContainerCluster_withResourceLabelsUpdate(t *testing.T) { }) } +func TestAccContainerCluster_withBinaryAuthorization(t *testing.T) { + t.Parallel() + + clusterName := fmt.Sprintf("cluster-test-%s", acctest.RandString(10)) + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckContainerClusterDestroy, + Steps: []resource.TestStep{ + { + Config: testAccContainerCluster_withBinaryAuthorization(clusterName, true), + }, + { + ResourceName: "google_container_cluster.with_binary_authorization", + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + }, + { + Config: testAccContainerCluster_withBinaryAuthorization(clusterName, false), + }, + { + ResourceName: "google_container_cluster.with_binary_authorization", + ImportStateIdPrefix: "us-central1-a/", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testAccCheckContainerClusterDestroy(s *terraform.State) error { config := testAccProvider.Meta().(*Config) @@ -2420,3 +2452,15 @@ resource "google_container_cluster" "with_resource_labels" { } `, clusterName) } + +func testAccContainerCluster_withBinaryAuthorization(clusterName string, enabled bool) string { + return fmt.Sprintf(` +resource "google_container_cluster" "with_binary_authorization" { + name = "%s" + zone = "us-central1-a" + initial_node_count = 1 + + enable_binary_authorization = %v +} +`, clusterName, enabled) +} diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index b5c4dd72b98..ffa2b55702f 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -92,6 +92,9 @@ output "cluster_ca_certificate" { * `description` - (Optional) Description of the cluster. +* `enable_binary_authorization` - (Optional) Enable Binary Authorization for this cluster. + If enabled, all container images will be validated by Google Binauthz. + * `enable_kubernetes_alpha` - (Optional) Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded and will be automatically deleted after 30 days. From 44d9013457d22a4d68a36208feae23cf93f16869 Mon Sep 17 00:00:00 2001 From: Dana Hoffman Date: Thu, 16 Aug 2018 17:47:31 -0700 Subject: [PATCH 3/3] update description --- website/docs/r/container_cluster.html.markdown | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/website/docs/r/container_cluster.html.markdown b/website/docs/r/container_cluster.html.markdown index ffa2b55702f..e0c11093ede 100644 --- a/website/docs/r/container_cluster.html.markdown +++ b/website/docs/r/container_cluster.html.markdown @@ -93,7 +93,7 @@ output "cluster_ca_certificate" { * `description` - (Optional) Description of the cluster. * `enable_binary_authorization` - (Optional) Enable Binary Authorization for this cluster. - If enabled, all container images will be validated by Google Binauthz. + If enabled, all container images will be validated by Google Binary Authorization. * `enable_kubernetes_alpha` - (Optional) Whether to enable Kubernetes Alpha features for this cluster. Note that when this option is enabled, the cluster cannot be upgraded